bitrat | 293440eae97b7c052aeaffd6855b2eda065b0b8fd452a830a9bf3c6637a20f4a | Triage

Submit
Reports

Overview

overview

Static

static

1

fa730d83b4...18.exe

windows7-x64

fa730d83b4...18.exe

windows10-2004-x64

Sharing

General

Target

fa730d83b4be4c873039dc585f958d7c_JaffaCakes118
Size

2.7MB
Sample

241218-g7aewaylbn
MD5

fa730d83b4be4c873039dc585f958d7c
SHA1

95f5cef4663ceb749ca98131734bb001d618458f
SHA256

293440eae97b7c052aeaffd6855b2eda065b0b8fd452a830a9bf3c6637a20f4a
SHA512

2870816e65670af2b1675dc6b3e48ae6e297adc15330c1ce3e0c9ae276136a122a3fe46175c389d93014938a080bb70bc7824f5adc4b831818ee8a707a24589b
SSDEEP

49152:DdbNhMYCLtVRgf3FEyzLrU2OzPaWBA22ynoyHORZ/nXX2WAoF:hPuCf1EyHo20PaP2VoyHGZ/XXyU

Score

10^/10

bitrat discovery execution trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

fa730d83b4be4c873039dc585f958d7c_JaffaCakes118.exe

Resource

win7-20240729-en

bitrat discovery execution trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa730d83b4be4c873039dc585f958d7c_JaffaCakes118.exe

Resource

win10v2004-20241007-en

bitrat discovery execution trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

storage.nsupdate.info:8973

Attributes

communication_password
bf771c9d082071fe80b18bb678220682
tor_process
tor

Targets

- Target
  
  fa730d83b4be4c873039dc585f958d7c_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  fa730d83b4be4c873039dc585f958d7c
- SHA1
  
  95f5cef4663ceb749ca98131734bb001d618458f
- SHA256
  
  293440eae97b7c052aeaffd6855b2eda065b0b8fd452a830a9bf3c6637a20f4a
- SHA512
  
  2870816e65670af2b1675dc6b3e48ae6e297adc15330c1ce3e0c9ae276136a122a3fe46175c389d93014938a080bb70bc7824f5adc4b831818ee8a707a24589b
- SSDEEP
  
  49152:DdbNhMYCLtVRgf3FEyzLrU2OzPaWBA22ynoyHORZ/nXX2WAoF:hPuCf1EyHo20PaP2VoyHGZ/XXyU
Score

10^/10

bitrat discovery execution trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Bitrat family
  bitrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoveryexecutiontrojanupx

behavioral2

bitratdiscoveryexecutiontrojanupx

© 2018-2024

Terms | Privacy