bitrat | 253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff | Triage

Sharing

General

Target

253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff
Size

4.2MB
Sample

220104-yyplwahggn
MD5

f96cc66dcb469f0c39ffa0c889bb0aee
SHA1

42ed3c6c969bac1c20919336db8b4325997c0474
SHA256

253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff
SHA512

97ea9f5d961dcb3de938a568262f757e24d6a059ce47d2aef000ab36362d67eefddbd343172227eea9dc41a8799e7ac632e19a357892f8468bf7d713a4b14b79

Score

10^/10

bitrat persistence suricata trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

91.243.32.131:80

Attributes

communication_password
202cb962ac59075b964b07152d234b70
install_dir
Defenderzone
install_file
syspro.exe
tor_process
tor

Targets

- Target
  
  253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff
- Size
  
  4.2MB
- MD5
  
  f96cc66dcb469f0c39ffa0c889bb0aee
- SHA1
  
  42ed3c6c969bac1c20919336db8b4325997c0474
- SHA256
  
  253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff
- SHA512
  
  97ea9f5d961dcb3de938a568262f757e24d6a059ce47d2aef000ab36362d67eefddbd343172227eea9dc41a8799e7ac632e19a357892f8468bf7d713a4b14b79
Score

10^/10

bitrat persistence suricata trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencesuricatatrojan