32ca272da062d0997c8131b5488af9858420cb97ab7d67fb911afc37d45e4788

Target

Size

2MB

Sample

220106-yrz42acaaq

Score

10 ^/10

MD5

4136661e8a9689aca8802518294b02fe

SHA1

3f43207a00cd456fd54e783e95b20a849c09961b

SHA256

32ca272da062d0997c8131b5488af9858420cb97ab7d67fb911afc37d45e4788

SHA512

6d9290a19be178c2e561bb9209ee5bf7309a8d89922ebc3cc200756d6e85058aedce1a3df6c45149f2c677f61c98b8fee943d31807aece251799710ae42ec82e

Extracted

Family	bitrat
Version	1.38
C2	91.243.32.131:80 91.243.32.131:80
Attributes	communication_password 202cb962ac59075b964b07152d234b70 install_dir Defenderzone install_file syspro.exe tor_process tor

Target

32ca272da062d0997c8131b5488af9858420cb97ab7d67fb911afc37d45e4788

MD5

4136661e8a9689aca8802518294b02fe

Filesize

2MB

Score

10^/10

SHA1

3f43207a00cd456fd54e783e95b20a849c09961b

SHA256

32ca272da062d0997c8131b5488af9858420cb97ab7d67fb911afc37d45e4788

SHA512

6d9290a19be178c2e561bb9209ee5bf7309a8d89922ebc3cc200756d6e85058aedce1a3df6c45149f2c677f61c98b8fee943d31807aece251799710ae42ec82e

Signatures

BitRAT
Description

BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
Tags

trojan bitrat
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description

suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Tags

suricata
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

behavioral1

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

bitrat persistence suricata trojan

10^/10

Extracted

Tags

Signatures

BitRAT

Description

Tags

suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

Description

Tags

Adds Run key to start application

Tags

TTPs

Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

static1

behavioral1