bitrat | 78ac173de38f6be4ec1686d84a71082838154d42ed05e970b574a9e82b76800d | Triage

Submit
Reports

Overview

overview

Static

static

1

2b17e88121...18.exe

windows7-x64

2b17e88121...18.exe

windows10-2004-x64

Sharing

General

Target

2b17e88121f688966b5c9313e9680f01_JaffaCakes118
Size

2.3MB
Sample

241009-feadqsydrm
MD5

2b17e88121f688966b5c9313e9680f01
SHA1

8ea541ecfc7d8d0039262ac4d49507646973bdd2
SHA256

78ac173de38f6be4ec1686d84a71082838154d42ed05e970b574a9e82b76800d
SHA512

c6118eba8bfe3189c31d9b14daccbdef964a4525b10cb193a0634b75acb8cf05f7e44c5332977dd7a9c287a1c0b87914531b48523c277ae00207fef13626ee4b
SSDEEP

49152:QxuaNlMTwUu863Q8dWW//xHHyOQjznJH3ODjvtVMY:IrMkU58MKHyOiznJXCjvtKY

Score

10^/10

bitrat discovery trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

2b17e88121f688966b5c9313e9680f01_JaffaCakes118.exe

Resource

win7-20240903-en

bitrat discovery trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b17e88121f688966b5c9313e9680f01_JaffaCakes118.exe

Resource

win10v2004-20241007-en

bitrat discovery trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

204.77.8.221:5506

Attributes

communication_password
d74a214501c1c40b2c77e995082f3587
tor_process
tor

Targets

- Target
  
  2b17e88121f688966b5c9313e9680f01_JaffaCakes118
- Size
  
  2.3MB
- MD5
  
  2b17e88121f688966b5c9313e9680f01
- SHA1
  
  8ea541ecfc7d8d0039262ac4d49507646973bdd2
- SHA256
  
  78ac173de38f6be4ec1686d84a71082838154d42ed05e970b574a9e82b76800d
- SHA512
  
  c6118eba8bfe3189c31d9b14daccbdef964a4525b10cb193a0634b75acb8cf05f7e44c5332977dd7a9c287a1c0b87914531b48523c277ae00207fef13626ee4b
- SSDEEP
  
  49152:QxuaNlMTwUu863Q8dWW//xHHyOQjznJH3ODjvtVMY:IrMkU58MKHyOiznJXCjvtKY
Score

10^/10

bitrat discovery trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoverytrojanupx

behavioral2

bitratdiscoverytrojanupx

© 2018-2024

Terms | Privacy