bitrat | 892fe797710cbdda052f494e1979a339c14f96220d3d1a7c51d4f28ef47385de | Triage

Resubmissions

23-12-2021 11:09

211223-m84m1aadej 10

23-12-2021 08:55

211223-kvgj7sabdn 10

Sharing

General

Target

jogb
Size

2.3MB
Sample

211223-kvgj7sabdn
MD5

cf11336d198c7034cb4e2a28c04d8898
SHA1

50363fb0351f85d10faa9fd2729129f8753ab60f
SHA256

892fe797710cbdda052f494e1979a339c14f96220d3d1a7c51d4f28ef47385de
SHA512

a35a642a5aaa42b446b480ae63b9cddf3da4ef3720e71e65092ac36c497956cff06587da171145e53b189cb0ff10b65925e21eeb7ba15c38ad8920533099a43c

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

2.56.57.68:3678

Attributes

communication_password
46821e93230f353d5c46240b0462a0fe
tor_process
tor

Targets

- Target
  
  jogb
- Size
  
  2.3MB
- MD5
  
  cf11336d198c7034cb4e2a28c04d8898
- SHA1
  
  50363fb0351f85d10faa9fd2729129f8753ab60f
- SHA256
  
  892fe797710cbdda052f494e1979a339c14f96220d3d1a7c51d4f28ef47385de
- SHA512
  
  a35a642a5aaa42b446b480ae63b9cddf3da4ef3720e71e65092ac36c497956cff06587da171145e53b189cb0ff10b65925e21eeb7ba15c38ad8920533099a43c
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojan

behavioral2

bitratpersistencetrojan