bitrat | 95df308b52520264aa64cdb80e0cd936c3dd085f9a4c67a1139910195e53a084 | Triage

Submit
Reports

Overview

overview

Static

static

3

fd2307bb1d...18.exe

windows7-x64

fd2307bb1d...18.exe

windows10-2004-x64

Sharing

General

Target

fd2307bb1dc001cc2f57c6e8456830e4_JaffaCakes118
Size

4.9MB
Sample

240420-tt4ssacd74
MD5

fd2307bb1dc001cc2f57c6e8456830e4
SHA1

38df5464e7835fc25e998db3f309f612c700576e
SHA256

95df308b52520264aa64cdb80e0cd936c3dd085f9a4c67a1139910195e53a084
SHA512

ba70336ef566590f5ee7bf62f54d2be263053c94dcae97fe8db743601e9b28fe5bf524930a7c37c9d168be37ec70c4f8e0c245dd3f79d4db83518416cd1dfdfd
SSDEEP

98304:VPGh8a1eGf1XxfBdb1AaOdSPc18d0OJBPvFVvNO2OhTa39+jdw9VdQ5rzqOaAnDC:ZGh8ajf1XHF1AaOdIueFVvs2cTOcjyGw

Score

10^/10

bitrat persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fd2307bb1dc001cc2f57c6e8456830e4_JaffaCakes118.exe

Resource

win7-20240215-en

bitrat persistence trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd2307bb1dc001cc2f57c6e8456830e4_JaffaCakes118.exe

Resource

win10v2004-20240412-en

bitrat persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

4napo6g3cp6av4hmxmwzi5lyojpfk3i2kl2tpssb2wvidqsa3kzo6eyd.onion:80

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
install_dir
windir
install_file
win32.exe
tor_process
windows32

Targets

- Target
  
  fd2307bb1dc001cc2f57c6e8456830e4_JaffaCakes118
- Size
  
  4.9MB
- MD5
  
  fd2307bb1dc001cc2f57c6e8456830e4
- SHA1
  
  38df5464e7835fc25e998db3f309f612c700576e
- SHA256
  
  95df308b52520264aa64cdb80e0cd936c3dd085f9a4c67a1139910195e53a084
- SHA512
  
  ba70336ef566590f5ee7bf62f54d2be263053c94dcae97fe8db743601e9b28fe5bf524930a7c37c9d168be37ec70c4f8e0c245dd3f79d4db83518416cd1dfdfd
- SSDEEP
  
  98304:VPGh8a1eGf1XxfBdb1AaOdSPc18d0OJBPvFVvNO2OhTa39+jdw9VdQ5rzqOaAnDC:ZGh8ajf1XHF1AaOdIueFVvs2cTOcjyGw
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy