bitrat | 5912c5fdd9cbf116f87e953f819895bf36a72850fb46e8bf142b9fbb56ab476e | Triage

Submit
Reports

Overview

overview

Static

static

3

FLASH BTC.exe

windows7-x64

FLASH BTC.exe

windows10-2004-x64

Sharing

General

Target

FLASH BTC.rar
Size

1.4MB
Sample

250112-a1hz4syqfl
MD5

fbe5fee96ca2f4749f59d3e3ee8588ce
SHA1

3dee430a32db1f9a862055793e17d2021248f8d1
SHA256

5912c5fdd9cbf116f87e953f819895bf36a72850fb46e8bf142b9fbb56ab476e
SHA512

e04e1dd5f78b45695ff1efb176eb4cbbb0a520128802cfe4f7244ba08884000192a2cd524e84905bf854bf581d32f43dda031a901ef0430411491b70dac4a298
SSDEEP

24576:qBg513KAIi91OmyMUr4oGRnMXM7CLyaupKJ1qsEJEmxx2N8EYhOn0F:HDpIg1dyxYnayHpK/IMN8EQOne

Score

10^/10

bitrat discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

FLASH BTC.exe

Resource

win7-20240729-en

bitrat discovery persistence trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

FLASH BTC.exe

Resource

win10v2004-20241007-en

bitrat discovery persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.32

C2

23.239.28.245:4898

Attributes

communication_password
0f2cdafc6b1adf94892b17f355bd9110
install_dir
dllhost
install_file
dllhost.exe
tor_process
tor

Targets

- Target
  
  FLASH BTC.exe
- Size
  
  1.4MB
- MD5
  
  777ae7451aabc288b883f9b286b9fae7
- SHA1
  
  c4c29bc0edd084e95b1788aaa9a99dc6694d414d
- SHA256
  
  730f560bd68f0fdecce02be381339fb82a76145cdf762aed4fa140f1779f13b4
- SHA512
  
  9bde3874697a56837e382db8b70fbdc8b3a8a790ce67a5112cb67c2831c8bc66347857a0535d09d0971b1bf9355a2e44c0cc9a91f42778ac0de61e4f53c70919
- SSDEEP
  
  24576:GQNbVHOxMZlg4xdpyCW3xwEIl74jKnUBRNFk7mGq:/Zlg4xvtW3iEIasUnTG
Score

10^/10

bitrat discovery persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Bitrat family
  bitrat
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoverypersistencetrojanupx

behavioral2

bitratdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy