bitrat | ce4f5cc39b067867e398b8c5e8d4464399543b036027b0fe6bc160c8fe012f04 | Triage

Submit
Reports

Overview

overview

Static

static

3

44db1fa8e4...18.exe

windows7-x64

44db1fa8e4...18.exe

windows10-2004-x64

Sharing

General

Target

44db1fa8e4ad98383ed44d8af5172580_JaffaCakes118
Size

1.9MB
Sample

240729-n2cflsxcpp
MD5

44db1fa8e4ad98383ed44d8af5172580
SHA1

81843a52940e646183d38fd47e441f8a03cfb101
SHA256

ce4f5cc39b067867e398b8c5e8d4464399543b036027b0fe6bc160c8fe012f04
SHA512

d484e761f39ff3517b5e40578d26759018a9314a67ea3595e7a32cefdcddc63e6872d0684683fbe459f82fed58f381fd8b5b39295020ec47af5dc940097fe4ea
SSDEEP

24576:e1aBxXTnJtJivXVu5FFFhKT16gGLlxFqdGOlsvOZspmeu7V9DpLkV+hpOS2iwKwg:QaB5TJ6okTEblxwsv549DlWf4Bp

Score

10^/10

bitrat discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

44db1fa8e4ad98383ed44d8af5172580_JaffaCakes118.exe

Resource

win7-20240705-en

discovery evasion trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

44db1fa8e4ad98383ed44d8af5172580_JaffaCakes118.exe

Resource

win10v2004-20240709-en

bitrat discovery evasion trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  44db1fa8e4ad98383ed44d8af5172580_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  44db1fa8e4ad98383ed44d8af5172580
- SHA1
  
  81843a52940e646183d38fd47e441f8a03cfb101
- SHA256
  
  ce4f5cc39b067867e398b8c5e8d4464399543b036027b0fe6bc160c8fe012f04
- SHA512
  
  d484e761f39ff3517b5e40578d26759018a9314a67ea3595e7a32cefdcddc63e6872d0684683fbe459f82fed58f381fd8b5b39295020ec47af5dc940097fe4ea
- SSDEEP
  
  24576:e1aBxXTnJtJivXVu5FFFhKT16gGLlxFqdGOlsvOZspmeu7V9DpLkV+hpOS2iwKwg:QaB5TJ6okTEblxwsv549DlWf4Bp
Score

10^/10

discovery evasion trojan bitrat upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Windows security modification
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Scripting

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

bitratdiscoveryevasiontrojanupx

© 2018-2024

Terms | Privacy