0b032e83c3a78f61fa3bf9cebd5a0242.exe

Target

Size

4MB

Sample

211230-j3vw5aeccj

Score

10 ^/10

MD5

0b032e83c3a78f61fa3bf9cebd5a0242

SHA1

f39705cde333b8c104f0a0381aa85de5a9d40e23

SHA256

4dbfb66b1aca617e4af7d11dcc9d97b11e61e94b188283a8f17f9078df30dbec

SHA512

776674d9a1e9ec68dd4f2a3d4deaf7eec921b3a306874f15956a70491bf6bb166d7994039dc724afcc1e1ed9150a91116965a79e8a320e37dced402d258e5a77

Extracted

Family	bitrat
Version	1.38
C2	queentaline.ddns.net:1117 queentaline.ddns.net:1117
Attributes	communication_password 202cb962ac59075b964b07152d234b70 tor_process tor

Target

0b032e83c3a78f61fa3bf9cebd5a0242.exe

MD5

0b032e83c3a78f61fa3bf9cebd5a0242

Filesize

4MB

Score

10^/10

SHA1

f39705cde333b8c104f0a0381aa85de5a9d40e23

SHA256

4dbfb66b1aca617e4af7d11dcc9d97b11e61e94b188283a8f17f9078df30dbec

SHA512

776674d9a1e9ec68dd4f2a3d4deaf7eec921b3a306874f15956a70491bf6bb166d7994039dc724afcc1e1ed9150a91116965a79e8a320e37dced402d258e5a77

Signatures

BitRAT
Description

BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
Tags

trojan bitrat
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description

suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Tags

suricata
Deletes itself
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

behavioral1

bitrat suricata trojan

10^/10

behavioral2

bitrat suricata trojan

10^/10

Extracted

Tags

Signatures

BitRAT

Description

Tags

suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

Description

Tags

Deletes itself

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2