bitrat | 0a99a8953769de42b0a9673ed1e8003793b5228a225f4b8a5d7a3f2c80fb1146 | Triage

Submit
Reports

Overview

overview

Static

static

0a99a89537...6N.exe

windows7-x64

0a99a89537...6N.exe

windows10-2004-x64

Sharing

General

Target

0a99a8953769de42b0a9673ed1e8003793b5228a225f4b8a5d7a3f2c80fb1146N
Size

7.8MB
Sample

240920-lx49qa1bpp
MD5

5d7a6871f5d94d0283ffd09ce9a10e50
SHA1

d9b4e1aa67f2cfb503d879452fa0852ba7284590
SHA256

0a99a8953769de42b0a9673ed1e8003793b5228a225f4b8a5d7a3f2c80fb1146
SHA512

db0e33d9c363c5fec6c538d1e1f4e985026d72eb0326d85a06f8f3b2e8a0b801c63f1e9d06133f0c3c2d5b0cacac7bef2180d58b31decd7e2a9ec7bbc650908f
SSDEEP

196608:CWx+Kdiqx6F9lxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfTV4:CWxVdiX/xwZ6v1CPwDv3uFteg2EeJUOf

Score

10^/10

bitrat discovery persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0a99a8953769de42b0a9673ed1e8003793b5228a225f4b8a5d7a3f2c80fb1146N.exe

Resource

win7-20240708-en

bitrat discovery persistence trojan upx

windows7-x64

15 signatures

120 seconds

Behavioral task

behavioral2

Sample

0a99a8953769de42b0a9673ed1e8003793b5228a225f4b8a5d7a3f2c80fb1146N.exe

Resource

win10v2004-20240802-en

bitrat discovery persistence trojan upx

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

hijy62t5b43fhu3dblgep4drtoqjpfi7jgxqaectce2verypcui3qbad.onion:80

Attributes

communication_password
202cb962ac59075b964b07152d234b70
install_dir
mucro
install_file
micro.exe
tor_process
mschostw

Targets

- Target
  
  0a99a8953769de42b0a9673ed1e8003793b5228a225f4b8a5d7a3f2c80fb1146N
- Size
  
  7.8MB
- MD5
  
  5d7a6871f5d94d0283ffd09ce9a10e50
- SHA1
  
  d9b4e1aa67f2cfb503d879452fa0852ba7284590
- SHA256
  
  0a99a8953769de42b0a9673ed1e8003793b5228a225f4b8a5d7a3f2c80fb1146
- SHA512
  
  db0e33d9c363c5fec6c538d1e1f4e985026d72eb0326d85a06f8f3b2e8a0b801c63f1e9d06133f0c3c2d5b0cacac7bef2180d58b31decd7e2a9ec7bbc650908f
- SSDEEP
  
  196608:CWx+Kdiqx6F9lxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfTV4:CWxVdiX/xwZ6v1CPwDv3uFteg2EeJUOf
Score

10^/10

bitrat discovery persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoverypersistencetrojanupx

behavioral2

bitratdiscoverypersistencetrojanupx

© 2018-2024

Terms | Privacy