bitrat | aee478258bbebf0a4cb76eb703c210fa363edbb22d484fe3e6fbcf5f2c3d1af4 | Triage

Submit
Reports

Overview

overview

Static

static

3

6c2934d4_b...is.exe

windows10-ltsc 2021-x64

Resubmissions

03/03/2025, 05:49

250303-gjhrcayxf1 10

26/04/2021, 22:57

210426-27fq4xrdvx 10

Sharing

General

Target

6c2934d4_by_Libranalysis
Size

3.5MB
Sample

250303-gjhrcayxf1
MD5

6c2934d437e948bf2727a4358edb9a59
SHA1

f5a10d17ebb6c2bd247156387d19accc6819cd3f
SHA256

aee478258bbebf0a4cb76eb703c210fa363edbb22d484fe3e6fbcf5f2c3d1af4
SHA512

ccb7c83a5c4f9f96aeeb03ee1460d964bae698e7a0d6b3aec1ab96af0ca7230173023c5c3b1cef29283053153181c69aec3a96bb027e3b39a94fd50ccdf5c246
SSDEEP

98304:CUXQ+L8dHaxE8npS7rpjYSxFnwKfLzy7iV/mtmY2:C6LKHaWCp/SHPje7iV/

Score

10^/10

bitrat discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6c2934d4_by_Libranalysis.exe

Resource

win10ltsc2021-20250217-en

bitrat discovery persistence trojan upx

windows10-ltsc 2021-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

23.105.131.209:8888

Attributes

communication_password
cfcd208495d565ef66e7dff9f98764da
tor_process
tor

Targets

- Target
  
  6c2934d4_by_Libranalysis
- Size
  
  3.5MB
- MD5
  
  6c2934d437e948bf2727a4358edb9a59
- SHA1
  
  f5a10d17ebb6c2bd247156387d19accc6819cd3f
- SHA256
  
  aee478258bbebf0a4cb76eb703c210fa363edbb22d484fe3e6fbcf5f2c3d1af4
- SHA512
  
  ccb7c83a5c4f9f96aeeb03ee1460d964bae698e7a0d6b3aec1ab96af0ca7230173023c5c3b1cef29283053153181c69aec3a96bb027e3b39a94fd50ccdf5c246
- SSDEEP
  
  98304:CUXQ+L8dHaxE8npS7rpjYSxFnwKfLzy7iV/mtmY2:C6LKHaWCp/SHPje7iV/
Score

10^/10

bitrat discovery persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Bitrat family
  bitrat
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy