bitrat

Resubmissions

26-04-2024 06:45

240426-hh76aaba6t 10

26-04-2024 06:44

26-04-2024 06:44

26-04-2024 06:44

26-04-2024 06:44

25-04-2024 13:09

Sharing

Copy URL

Twitter E-mail

General

Target

8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2
Size

11.7MB
Sample

240426-hh76aaba6t
MD5

aad57aa4be27a48ebfe54e35f8bf31d9
SHA1

cec3a059f103e163e6bfd0cbaa446045add97a89
SHA256

8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2
SHA512

423ecb0e593e7e862ba6a6f6d04937fdde737d5373620a61918522d348c25a39c40e0909e7e5dd4c52b5f546e6f15751a27d8820db0f1a10b98db25103d757b1
SSDEEP

196608:YN4reUU8Lxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQx6xtw3iFFrS6X/fTV73c:YN4reUPLxwZ6v1CPwDv3uFteg2EeJUOy

Score

10^/10

Malware Config

Extracted

Family

bitrat

Version

1.31

Targets

- Target
  
  8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2
- Size
  
  11.7MB
- MD5
  
  aad57aa4be27a48ebfe54e35f8bf31d9
- SHA1
  
  cec3a059f103e163e6bfd0cbaa446045add97a89
- SHA256
  
  8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2
- SHA512
  
  423ecb0e593e7e862ba6a6f6d04937fdde737d5373620a61918522d348c25a39c40e0909e7e5dd4c52b5f546e6f15751a27d8820db0f1a10b98db25103d757b1
- SSDEEP
  
  196608:YN4reUU8Lxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQx6xtw3iFFrS6X/fTV73c:YN4reUPLxwZ6v1CPwDv3uFteg2EeJUOy
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Proxy

T1090

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

BitRAT payload

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Looks up external IP address via web service

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5