Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

a4c9599445...49.exe

windows10-2004-x64

10

a4c9599445...49.exe

windows7-x64

10

a4c9599445...49.exe

windows10-1703-x64

10

a4c9599445...49.exe

windows10-2004-x64

10

a4c9599445...49.exe

windows11-21h2-x64

10

Resubmissions

07/05/2024, 12:28 UTC

240507-pnhadaac95 10

07/05/2024, 12:28 UTC

240507-pnd8qaff8s 10

07/05/2024, 12:28 UTC

240507-pnc1naff7z 10

07/05/2024, 12:28 UTC

240507-pnbgtsac85 10

07/05/2024, 12:28 UTC

240507-pnawasff7w 10

25/04/2024, 13:10 UTC

240425-qegsxsba4s 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449

  • Size

    7.8MB

  • Sample

    240507-pnhadaac95

  • MD5

    feb61ffde2dd829e738ea35dc8ee6208

  • SHA1

    659e17fe8390c0494e1363c2ebd11333638fd56e

  • SHA256

    a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449

  • SHA512

    609d2a7950643bea16e353d73157429f304cd1807808becb6fd2c5bbeeb07c6583a98f0e76b7e051390771502cabc7bbda4360f53388867ab863c6f564fbd959

  • SSDEEP

    196608:oIRcbH4jSteTGv1xwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfu1xwZ6v1CPwDv3uFteg2EeJUO9E

Score
10/10
bitratpersistencetrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

n7dua2r7ev3r6fsisszycs7fvy4a36epnfje5s7lz5eiduoxetqg55ad.onion:1235

Attributes
  • communication_password

    99754106633f94d350db34d548d6091a

  • install_dir

    temp

  • install_file

    test1

  • tor_process

    test2

Targets

    • Target

      a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449

    • Size

      7.8MB

    • MD5

      feb61ffde2dd829e738ea35dc8ee6208

    • SHA1

      659e17fe8390c0494e1363c2ebd11333638fd56e

    • SHA256

      a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449

    • SHA512

      609d2a7950643bea16e353d73157429f304cd1807808becb6fd2c5bbeeb07c6583a98f0e76b7e051390771502cabc7bbda4360f53388867ab863c6f564fbd959

    • SSDEEP

      196608:oIRcbH4jSteTGv1xwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfu1xwZ6v1CPwDv3uFteg2EeJUO9E

    Score
    10/10
    bitratpersistencetrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2behavioral3behavioral4behavioral5

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.