253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff

General

Target: 253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff
Size: 4MB
Sample: 220104-yyplwahggn
Score: 10/10
MD5: f96cc66dcb469f0c39ffa0c889bb0aee
SHA1: 42ed3c6c969bac1c20919336db8b4325997c0474
SHA256: 253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff
SHA512: 97ea9f5d961dcb3de938a568262f757e24d6a059ce47d2aef000ab36362d67eefddbd343172227eea9dc41a8799e7ac632e19a357892f8468bf7d713a4b14b79

Malware Config

Extracted

Family: bitrat
Version: 1.38
C2: 91.243.32.131:80

Attributes
communication_password: 202cb962ac59075b964b07152d234b70
install_dir: Defenderzone
install_file: syspro.exe
tor_process: tor
Targets
Signatures

  • BitRAT

    Description: BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of NtSetInformationThreadHideFromDebugger
