Description
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
5effe6792620b5d512905695003baa3f.exe
General
Target
Size
Sample
5effe6792620b5d512905695003baa3f.exe
2MB
220107-jptrxacddm
Score
10 /10
MD5
SHA1
SHA256
SHA512
5effe6792620b5d512905695003baa3f
0a98f5acfcd5a0efb4989d4513b6b8861438777d
ed857cb8db7feb60827f28be33098db83bb25fa2191b133eedc5b4b29907abd5
67630485b4cd44a612274c146aabef67b5d0f0c0ddfb0f8c34367985e43ccef25cd35d8583952bc73281b5fedb9d8e05a67ad326cdfae9c67ae858ce2c2c1a09
Malware Config
Extracted
| Family | bitrat |
| Version | 1.38 |
| C2 |
91.243.32.131:80 |
| Attributes |
communication_password 202cb962ac59075b964b07152d234b70
install_dir Defenderzone
install_file syspro.exe
tor_process tor |
Targets
Target
MD5
Filesize
5effe6792620b5d512905695003baa3f.exe
5effe6792620b5d512905695003baa3f
2MB
Score
10/10
SHA1
SHA256
SHA512
0a98f5acfcd5a0efb4989d4513b6b8861438777d
ed857cb8db7feb60827f28be33098db83bb25fa2191b133eedc5b4b29907abd5
67630485b4cd44a612274c146aabef67b5d0f0c0ddfb0f8c34367985e43ccef25cd35d8583952bc73281b5fedb9d8e05a67ad326cdfae9c67ae858ce2c2c1a09
Tags
Signatures
-
BitRAT
-
Mimikatz
Description
mimikatz is an open source tool to dump credentials on Windows.
Tags
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Tags
-
mimikatz is an open source tool to dump credentials on Windows
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks