bitrat

Resubmissions

09-04-2024 13:11

240409-qe3emafg95 10

09-04-2024 13:11

09-04-2024 13:10

09-04-2024 13:10

10-07-2021 10:36

Sharing

Copy URL

Twitter E-mail

General

Target

23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.sample
Size

5.2MB
Sample

240409-qe2s4afg94
MD5

0bff2eb7cf8fbbf17ff6594b09101e3b
SHA1

bfa77a5afa5d45aa178edc14361ca2a5825c96f5
SHA256

23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa
SHA512

0861b861e3579ea7867515cea737f811b28bdc689fe24a8e89d1cd9c47d621eb76488a444406d604e0ac860d5f4a8ec73d931828d4281372ad7827af61e73f13
SSDEEP

98304:3mcwWGj36qlPEo+AiJGIvKL10DGXPXbgkIjqNFHBAMSEFkU9WFn5fG2iD8ND3+P:2BP7lPEo+Phu3LjIjqjHBqEFPEF579Nr

Score

10^/10

Malware Config

Targets

- Target
  
  23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.sample
- Size
  
  5.2MB
- MD5
  
  0bff2eb7cf8fbbf17ff6594b09101e3b
- SHA1
  
  bfa77a5afa5d45aa178edc14361ca2a5825c96f5
- SHA256
  
  23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa
- SHA512
  
  0861b861e3579ea7867515cea737f811b28bdc689fe24a8e89d1cd9c47d621eb76488a444406d604e0ac860d5f4a8ec73d931828d4281372ad7827af61e73f13
- SSDEEP
  
  98304:3mcwWGj36qlPEo+AiJGIvKL10DGXPXbgkIjqNFHBAMSEFkU9WFn5fG2iD8ND3+P:2BP7lPEo+Phu3LjIjqjHBqEFPEF579Nr
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

BitRAT payload

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Adds Run key to start application

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4