Description
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
f10d43cfd07a986f1f3c75eb7c90af7e1d841530709f8dcac64bfbfcb53ec736
General
Target
Size
Sample
f10d43cfd07a986f1f3c75eb7c90af7e1d841530709f8dcac64bfbfcb53ec736
2MB
220107-a3qsqscbcr
Score
10 /10
MD5
SHA1
SHA256
SHA512
0a7dba172f5485536a67007bbb67f209
7352fbbee9419e6afe958bfd34d55ffafeda0d58
f10d43cfd07a986f1f3c75eb7c90af7e1d841530709f8dcac64bfbfcb53ec736
6f2c94a396ed78e925c0d3dd6926498a7ba78bb5a111287b5c0b1122681e196fc526496a433e5b3b431988a5d6eb75218d0b5c814971163dbc489193454d14ba
Malware Config
Extracted
| Family | bitrat |
| Version | 1.38 |
| C2 |
severdops.ddns.net:3071 |
| Attributes |
communication_password 29ef52e7563626a96cea7f4b4085c124
tor_process tor |
Targets
Target
MD5
Filesize
f10d43cfd07a986f1f3c75eb7c90af7e1d841530709f8dcac64bfbfcb53ec736
0a7dba172f5485536a67007bbb67f209
2MB
Score
10/10
SHA1
SHA256
SHA512
7352fbbee9419e6afe958bfd34d55ffafeda0d58
f10d43cfd07a986f1f3c75eb7c90af7e1d841530709f8dcac64bfbfcb53ec736
6f2c94a396ed78e925c0d3dd6926498a7ba78bb5a111287b5c0b1122681e196fc526496a433e5b3b431988a5d6eb75218d0b5c814971163dbc489193454d14ba
Tags
Signatures
-
BitRAT
-
Windows security bypass
Tags
TTPs
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Tags
-
UPX packed file
Description
Detects executables packed with UPX/modified UPX open source packer.
Tags
-
Windows security modification
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks