32ca272da062d0997c8131b5488af9858420cb97ab7d67fb911afc37d45e4788

General

Target: 32ca272da062d0997c8131b5488af9858420cb97ab7d67fb911afc37d45e4788
Size: 2MB
Sample: 220106-yrz42acaaq
Score: 10/10
MD5: 4136661e8a9689aca8802518294b02fe
SHA1: 3f43207a00cd456fd54e783e95b20a849c09961b
SHA256: 32ca272da062d0997c8131b5488af9858420cb97ab7d67fb911afc37d45e4788
SHA512: 6d9290a19be178c2e561bb9209ee5bf7309a8d89922ebc3cc200756d6e85058aedce1a3df6c45149f2c677f61c98b8fee943d31807aece251799710ae42ec82e

Malware Config

Extracted

Family: bitrat
Version: 1.38
C2: 91.243.32.131:80

Attributes
communication_password: 202cb962ac59075b964b07152d234b70
install_dir: Defenderzone
install_file: syspro.exe
tor_process: tor
Signatures

  • BitRAT
    Description: BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of NtSetInformationThreadHideFromDebugger

Tasks

static1