bitrat | 76bb1098a0fc09328f1ac34847f16e4ad19d802ffb41ed2e2726aa42eae3a20e | Triage

Submit
Reports

Overview

overview

Static

static

3

eacc561ae9...18.exe

windows7-x64

eacc561ae9...18.exe

windows10-2004-x64

3

Sharing

General

Target

eacc561ae98cccf101c9297bcb2ea5ee_JaffaCakes118
Size

2.3MB
Sample

240919-hpatcsweln
MD5

eacc561ae98cccf101c9297bcb2ea5ee
SHA1

da649c27ed406249a536856cfc7ea47cfe80e4f3
SHA256

76bb1098a0fc09328f1ac34847f16e4ad19d802ffb41ed2e2726aa42eae3a20e
SHA512

4afcdd91008607a8589ff321b8418993f9460c1a06b6f439d84ac0e9843e2eafcc6a782e19bfc84c6e7454d2abbf114bb91941a7475a7bdfb69370f54868bbe8
SSDEEP

49152:+aLH1nQ1WoBOkAhuzmTuVy63sa0xwfuC1Cx7tjyNHoQQNDZuz:B5nQ1TBYcz2uTLbC1tnlw

Score

10^/10

bitrat discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eacc561ae98cccf101c9297bcb2ea5ee_JaffaCakes118.exe

Resource

win7-20240708-en

bitrat discovery trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

eacc561ae98cccf101c9297bcb2ea5ee_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  eacc561ae98cccf101c9297bcb2ea5ee_JaffaCakes118
- Size
  
  2.3MB
- MD5
  
  eacc561ae98cccf101c9297bcb2ea5ee
- SHA1
  
  da649c27ed406249a536856cfc7ea47cfe80e4f3
- SHA256
  
  76bb1098a0fc09328f1ac34847f16e4ad19d802ffb41ed2e2726aa42eae3a20e
- SHA512
  
  4afcdd91008607a8589ff321b8418993f9460c1a06b6f439d84ac0e9843e2eafcc6a782e19bfc84c6e7454d2abbf114bb91941a7475a7bdfb69370f54868bbe8
- SSDEEP
  
  49152:+aLH1nQ1WoBOkAhuzmTuVy63sa0xwfuC1Cx7tjyNHoQQNDZuz:B5nQ1TBYcz2uTLbC1tnlw
Score

10^/10

bitrat discovery trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoverytrojanupx

behavioral2

© 2018-2024

Terms | Privacy