bitrat | 4dbfb66b1aca617e4af7d11dcc9d97b11e61e94b188283a8f17f9078df30dbec | Triage

Submit
Reports

Overview

overview

Static

static

0b032e83c3...42.exe

windows7_x64

0b032e83c3...42.exe

windows10_x64

Sharing

General

Target

0b032e83c3a78f61fa3bf9cebd5a0242.exe
Size

4.5MB
Sample

211230-j3vw5aeccj
MD5

0b032e83c3a78f61fa3bf9cebd5a0242
SHA1

f39705cde333b8c104f0a0381aa85de5a9d40e23
SHA256

4dbfb66b1aca617e4af7d11dcc9d97b11e61e94b188283a8f17f9078df30dbec
SHA512

776674d9a1e9ec68dd4f2a3d4deaf7eec921b3a306874f15956a70491bf6bb166d7994039dc724afcc1e1ed9150a91116965a79e8a320e37dced402d258e5a77

Score

10^/10

bitrat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

0b032e83c3a78f61fa3bf9cebd5a0242.exe

Resource

win7-en-20211208

bitrat suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0b032e83c3a78f61fa3bf9cebd5a0242.exe

Resource

win10-en-20211208

bitrat suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

queentaline.ddns.net:1117

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  0b032e83c3a78f61fa3bf9cebd5a0242.exe
- Size
  
  4.5MB
- MD5
  
  0b032e83c3a78f61fa3bf9cebd5a0242
- SHA1
  
  f39705cde333b8c104f0a0381aa85de5a9d40e23
- SHA256
  
  4dbfb66b1aca617e4af7d11dcc9d97b11e61e94b188283a8f17f9078df30dbec
- SHA512
  
  776674d9a1e9ec68dd4f2a3d4deaf7eec921b3a306874f15956a70491bf6bb166d7994039dc724afcc1e1ed9150a91116965a79e8a320e37dced402d258e5a77
Score

10^/10

bitrat suricata trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratsuricatatrojan

behavioral2

bitratsuricatatrojan

© 2018-2024

Terms | Privacy