bitrat | bff5cf19832985267c5470e30de4c0c948a4920e1442817a65ee5e25688c30ff | Triage

Sharing

General

Target

tmp/26467645-5f24-46be-8c53-fbe1f50a4e82_OneDriveSrv.exe
Size

3.8MB
Sample

211226-1wpvzaadhn
MD5

0d07fefaea7c703dcec48de25636143d
SHA1

8961c4024bb979f93e3abec8adf6b7087327a2f1
SHA256

bff5cf19832985267c5470e30de4c0c948a4920e1442817a65ee5e25688c30ff
SHA512

f8ef0d94162c72cc3e0ced64231f424e5826f43dcc8455f0a79820b609149cfdd18f658f6b41d9e99501539902eaf14893bc9f0dc9498f9bfa76e17bfb01a4b4

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

0x0x0pp.duckdns.org:1313

Attributes

communication_password
f65684e459131fe80206668d5a686f4d
install_dir
Microsoft OneDrive
install_file
OneDriveSrv.exe
tor_process
tor

Targets

- Target
  
  tmp/26467645-5f24-46be-8c53-fbe1f50a4e82_OneDriveSrv.exe
- Size
  
  3.8MB
- MD5
  
  0d07fefaea7c703dcec48de25636143d
- SHA1
  
  8961c4024bb979f93e3abec8adf6b7087327a2f1
- SHA256
  
  bff5cf19832985267c5470e30de4c0c948a4920e1442817a65ee5e25688c30ff
- SHA512
  
  f8ef0d94162c72cc3e0ced64231f424e5826f43dcc8455f0a79820b609149cfdd18f658f6b41d9e99501539902eaf14893bc9f0dc9498f9bfa76e17bfb01a4b4
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencetrojan

behavioral2

bitratpersistencetrojan