bitrat | 2b82105ff0273e98abbfa2708e7b25dcb5eebab0344a3de1fd9bcfd841281912 | Triage

Sharing

General

Target

2b82105ff0273e98abbfa2708e7b25dcb5eebab0344a3de1fd9bcfd841281912
Size

4.2MB
Sample

220105-pl343aafbk
MD5

99e35efb08a65b2cd59aa0cc8e27a64d
SHA1

c24cd0527cbef8c76fbe386ce81cc844cc5acb36
SHA256

2b82105ff0273e98abbfa2708e7b25dcb5eebab0344a3de1fd9bcfd841281912
SHA512

029ef3b887f3683142ba18c5c72cfcd17931f63bc4397f5942370427b4a4c7fc1ee22789254da525c57dfc4a6d1818f12cc65cc3a4bec79fd2efffb17bc106f2

Score

10^/10

bitrat persistence suricata trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

91.243.32.131:80

Attributes

communication_password
202cb962ac59075b964b07152d234b70
install_dir
Defenderzone
install_file
syspro.exe
tor_process
tor

Targets

- Target
  
  2b82105ff0273e98abbfa2708e7b25dcb5eebab0344a3de1fd9bcfd841281912
- Size
  
  4.2MB
- MD5
  
  99e35efb08a65b2cd59aa0cc8e27a64d
- SHA1
  
  c24cd0527cbef8c76fbe386ce81cc844cc5acb36
- SHA256
  
  2b82105ff0273e98abbfa2708e7b25dcb5eebab0344a3de1fd9bcfd841281912
- SHA512
  
  029ef3b887f3683142ba18c5c72cfcd17931f63bc4397f5942370427b4a4c7fc1ee22789254da525c57dfc4a6d1818f12cc65cc3a4bec79fd2efffb17bc106f2
Score

10^/10

bitrat persistence suricata trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencesuricatatrojan