bitrat | b693010f3f342fb06dd959f2553b7937d5daeaf9b4b7fd800ed5a9a6d8a099e7 | Triage

Submit
Reports

Overview

overview

Static

static

3

SQLi v.8.5.exe

windows7-x64

SQLi v.8.5.exe

windows10-2004-x64

Sharing

General

Target

SQLi v.8.5.exe
Size

12.7MB
Sample

240602-lr35gaad22
MD5

d887c03a2d230dc196c8b3ac47030b9e
SHA1

b4d08bf36841ffdeb0750455021a707804f8d509
SHA256

b693010f3f342fb06dd959f2553b7937d5daeaf9b4b7fd800ed5a9a6d8a099e7
SHA512

6cee30d2448b930504f0933ca04e7f30fb3e1f2924d490146c0168308298d222cf5eb83885da405ba8fcd92b7f4979e23b4f9c706c936df5bfb52d2819022072
SSDEEP

196608:OhzlOFCwaHNFrXW+YrDkx/NNYz7vPmHpBt:2zMCwaHNlXW+Y/kx/TyPmj

Score

10^/10

bitrat persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SQLi v.8.5.exe

Resource

win7-20240508-en

bitrat persistence trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

SQLi v.8.5.exe

Resource

win10v2004-20240508-en

bitrat persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

80.85.156.209:8080

Attributes

communication_password
ae5eb824ef87499f644c3f11a7176157
tor_process
tor

Targets

- Target
  
  SQLi v.8.5.exe
- Size
  
  12.7MB
- MD5
  
  d887c03a2d230dc196c8b3ac47030b9e
- SHA1
  
  b4d08bf36841ffdeb0750455021a707804f8d509
- SHA256
  
  b693010f3f342fb06dd959f2553b7937d5daeaf9b4b7fd800ed5a9a6d8a099e7
- SHA512
  
  6cee30d2448b930504f0933ca04e7f30fb3e1f2924d490146c0168308298d222cf5eb83885da405ba8fcd92b7f4979e23b4f9c706c936df5bfb52d2819022072
- SSDEEP
  
  196608:OhzlOFCwaHNFrXW+YrDkx/NNYz7vPmHpBt:2zMCwaHNlXW+Y/kx/TyPmj
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy