bitrat | 5e31feaf8299df1bf7a4109f5dacba46ebf31841a0ca5fc3ad33711a9abaa9bf | Triage

Resubmissions

23-12-2021 18:12

211223-wtbhcabdf2 10

21-12-2021 19:12

211221-xwtmdaedh9 10

Sharing

General

Target

5e31feaf8299df1bf7a4109f5dacba46ebf31841a0ca5fc3ad33711a9abaa9bf.bin
Size

3.8MB
Sample

211223-wtbhcabdf2
MD5

ef4695a037ab11fae5f83dc17202aabe
SHA1

b793cb372eaa57cdd8a0c997527f43819c4c01ed
SHA256

5e31feaf8299df1bf7a4109f5dacba46ebf31841a0ca5fc3ad33711a9abaa9bf
SHA512

12e74d7f9f45ac11e3e846c0162825a6f17fb9599ffe618a3cbdc615e91cfbc8f70723df2aa485396250c39d0c8b247b49afa74ec0237525977ba38cda521b3d

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

jairoandresotalvarorend.linkpc.net:9083

Attributes

communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
install_dir
winlogomwindefenders
install_file
winlogomwindefender.exe
tor_process
tor

Targets

- Target
  
  5e31feaf8299df1bf7a4109f5dacba46ebf31841a0ca5fc3ad33711a9abaa9bf.bin
- Size
  
  3.8MB
- MD5
  
  ef4695a037ab11fae5f83dc17202aabe
- SHA1
  
  b793cb372eaa57cdd8a0c997527f43819c4c01ed
- SHA256
  
  5e31feaf8299df1bf7a4109f5dacba46ebf31841a0ca5fc3ad33711a9abaa9bf
- SHA512
  
  12e74d7f9f45ac11e3e846c0162825a6f17fb9599ffe618a3cbdc615e91cfbc8f70723df2aa485396250c39d0c8b247b49afa74ec0237525977ba38cda521b3d
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencetrojan

behavioral2

bitratpersistencetrojan