5a6bf2c5bcad6098f5eed902fd2ab165.exe

General
Target

5a6bf2c5bcad6098f5eed902fd2ab165.exe

Size

2MB

Sample

211230-jh4zasffe6

Score
10 /10
MD5

5a6bf2c5bcad6098f5eed902fd2ab165

SHA1

169330abce1185aad9001fd590f8ea6952234a85

SHA256

06d093a1f7775df0391176bdee9e23b9856f95e0baa25c9d271e1854094235a2

SHA512

15821189aa69e7a35c6368c0898c7532f9cf43287ba4c6ace4c09885a2d175b9fbafc0cd6b463bfbc2ca721f1463a3904800fcee1133093d4802235072de35c1

Malware Config

Extracted

Family bitrat
Version 1.38
C2

178.20.40.235:7777

Attributes
communication_password
90518ace97affc6b80a96099c2928d6a
install_dir
Temp
install_file
$77lsass.exe
tor_process
tor
Targets
Target

5a6bf2c5bcad6098f5eed902fd2ab165.exe

MD5

5a6bf2c5bcad6098f5eed902fd2ab165

Filesize

2MB

Score
10/10
SHA1

169330abce1185aad9001fd590f8ea6952234a85

SHA256

06d093a1f7775df0391176bdee9e23b9856f95e0baa25c9d271e1854094235a2

SHA512

15821189aa69e7a35c6368c0898c7532f9cf43287ba4c6ace4c09885a2d175b9fbafc0cd6b463bfbc2ca721f1463a3904800fcee1133093d4802235072de35c1

Tags

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10