bitrat | 1b57c846642439e8075b62c48f9f308c599c2fc0c028631b9263e6724c64ecef | Triage

Submit
Reports

Overview

overview

Static

static

3

1b57c84664...ef.exe

windows7-x64

1b57c84664...ef.exe

windows10-2004-x64

Sharing

General

Target

1b57c846642439e8075b62c48f9f308c599c2fc0c028631b9263e6724c64ecef
Size

2.7MB
Sample

240821-tjt6laxhlb
MD5

5df4f8f8a7a896fad462276803c89857
SHA1

ab113df31bb37cdb727f3ea3c6e9cc397e5be80e
SHA256

1b57c846642439e8075b62c48f9f308c599c2fc0c028631b9263e6724c64ecef
SHA512

08a63d53836e37a7971f76dc1e60be44ec073bdd11cbf3eb9f9dac9d1c8e1a4fa7a83c38dff972c8febad82f53b3c85f0db548664851fe7b5d60b05999ec13ee
SSDEEP

24576:aju8SpOfT+Z8fDTuvlzq3ae70J6ImfeSnPlAVMRNJhpEx4oQp3d2TX9iSghV+3Ol:NOfHfvu9qakj+aRXEx4LV+3OvS

Score

10^/10

bitrat discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b57c846642439e8075b62c48f9f308c599c2fc0c028631b9263e6724c64ecef.exe

Resource

win7-20240705-en

bitrat discovery persistence trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b57c846642439e8075b62c48f9f308c599c2fc0c028631b9263e6724c64ecef.exe

Resource

win10v2004-20240802-en

bitrat discovery persistence trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

aaaxxx60.hopto.org:100

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
tor

Targets

- Target
  
  1b57c846642439e8075b62c48f9f308c599c2fc0c028631b9263e6724c64ecef
- Size
  
  2.7MB
- MD5
  
  5df4f8f8a7a896fad462276803c89857
- SHA1
  
  ab113df31bb37cdb727f3ea3c6e9cc397e5be80e
- SHA256
  
  1b57c846642439e8075b62c48f9f308c599c2fc0c028631b9263e6724c64ecef
- SHA512
  
  08a63d53836e37a7971f76dc1e60be44ec073bdd11cbf3eb9f9dac9d1c8e1a4fa7a83c38dff972c8febad82f53b3c85f0db548664851fe7b5d60b05999ec13ee
- SSDEEP
  
  24576:aju8SpOfT+Z8fDTuvlzq3ae70J6ImfeSnPlAVMRNJhpEx4oQp3d2TX9iSghV+3Ol:NOfHfvu9qakj+aRXEx4LV+3OvS
Score

10^/10

bitrat discovery persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoverypersistencetrojanupx

behavioral2

bitratdiscoverypersistencetrojanupx

© 2018-2024

Terms | Privacy