bitrat | 8392d43e670759e8cecd9a68315de311af60b0f7ac60ca7e14731de2b1e4e6c8 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-03-12...uk.exe

windows7-x64

2025-03-12...uk.exe

windows10-2004-x64

Sharing

General

Target

2025-03-12_8d37a57790a7686b1f6a0dc87164403c_ryuk
Size

11.1MB
Sample

250312-b71zyasps4
MD5

8d37a57790a7686b1f6a0dc87164403c
SHA1

3c3676398699ca77d7d0c091511090fe741e70f3
SHA256

8392d43e670759e8cecd9a68315de311af60b0f7ac60ca7e14731de2b1e4e6c8
SHA512

00dee3e1369012feae29298762d65acea7f530472d5b181ccb49734a8654313f708fe3839309d11ebcb2c5871d738dd287d5d70cdae7f8f8bf0196d996fca087
SSDEEP

196608:WjPEzA/jerrNGD7+Ht2JneMeR5U8kB1eLOPwdrhEVSL2v8hpffR5vSGRNJpoEzoG:qPeAe8+0nQDQBPw5aVSLo8phZS0yEEC1

Score

10^/10

bitrat discovery execution persistence pyinstaller trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2025-03-12_8d37a57790a7686b1f6a0dc87164403c_ryuk.exe

Resource

win7-20240903-en

bitrat discovery execution persistence trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-12_8d37a57790a7686b1f6a0dc87164403c_ryuk.exe

Resource

win10v2004-20250217-en

bitrat discovery execution persistence trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

23.105.131.220:4898

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Targets

- Target
  
  2025-03-12_8d37a57790a7686b1f6a0dc87164403c_ryuk
- Size
  
  11.1MB
- MD5
  
  8d37a57790a7686b1f6a0dc87164403c
- SHA1
  
  3c3676398699ca77d7d0c091511090fe741e70f3
- SHA256
  
  8392d43e670759e8cecd9a68315de311af60b0f7ac60ca7e14731de2b1e4e6c8
- SHA512
  
  00dee3e1369012feae29298762d65acea7f530472d5b181ccb49734a8654313f708fe3839309d11ebcb2c5871d738dd287d5d70cdae7f8f8bf0196d996fca087
- SSDEEP
  
  196608:WjPEzA/jerrNGD7+Ht2JneMeR5U8kB1eLOPwdrhEVSL2v8hpffR5vSGRNJpoEzoG:qPeAe8+0nQDQBPw5aVSLo8phZS0yEEC1
Score

10^/10

bitrat discovery execution persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Bitrat family
  bitrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoveryexecutionpersistencetrojanupx

behavioral2

bitratdiscoveryexecutionpersistencetrojanupx

© 2018-2025

Terms | Privacy