Description
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
59f5aa2f3938d9478d3275caaa5eda91.exe
General
Target
Size
Sample
59f5aa2f3938d9478d3275caaa5eda91.exe
271KB
220105-yd39jabaak
Score
10 /10
MD5
SHA1
SHA256
SHA512
59f5aa2f3938d9478d3275caaa5eda91
87fddce9bdff61168e35c09c09e04378137cfabc
2bbe399540ca6bbcb26444284ed0cf85c0840a1d36c8bf3ca670be78a4975410
bb9282b6f89a5d887d84bedf9a782a5c774158aa670a17bf0d532dbaf0f9b0e3f57d7ca1bc14c9de0f46de27b08fef7bd172f018fdc9108d395859f2edb8243e
Malware Config
Extracted
| Family | bitrat |
| Version | 1.35 |
| C2 |
storage.nsupdate.info:8973 |
| Attributes |
communication_password bf771c9d082071fe80b18bb678220682
tor_process tor |
Targets
Target
MD5
Filesize
59f5aa2f3938d9478d3275caaa5eda91.exe
59f5aa2f3938d9478d3275caaa5eda91
271KB
Score
10/10
SHA1
SHA256
SHA512
87fddce9bdff61168e35c09c09e04378137cfabc
2bbe399540ca6bbcb26444284ed0cf85c0840a1d36c8bf3ca670be78a4975410
bb9282b6f89a5d887d84bedf9a782a5c774158aa670a17bf0d532dbaf0f9b0e3f57d7ca1bc14c9de0f46de27b08fef7bd172f018fdc9108d395859f2edb8243e
Tags
Signatures
-
BitRAT
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Tags
-
UPX packed file
Description
Detects executables packed with UPX/modified UPX open source packer.
Tags
-
Drops startup file
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks