bitrat | ed857cb8db7feb60827f28be33098db83bb25fa2191b133eedc5b4b29907abd5 | Triage

Submit
Reports

Overview

overview

Static

static

5effe67926...3f.exe

windows7_x64

5effe67926...3f.exe

windows10_x64

Sharing

General

Target

5effe6792620b5d512905695003baa3f.exe
Size

2.3MB
Sample

220107-jptrxacddm
MD5

5effe6792620b5d512905695003baa3f
SHA1

0a98f5acfcd5a0efb4989d4513b6b8861438777d
SHA256

ed857cb8db7feb60827f28be33098db83bb25fa2191b133eedc5b4b29907abd5
SHA512

67630485b4cd44a612274c146aabef67b5d0f0c0ddfb0f8c34367985e43ccef25cd35d8583952bc73281b5fedb9d8e05a67ad326cdfae9c67ae858ce2c2c1a09

Score

10^/10

bitrat mimikatz persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

5effe6792620b5d512905695003baa3f.exe

Resource

win7-en-20211208

bitrat mimikatz persistence suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5effe6792620b5d512905695003baa3f.exe

Resource

win10-en-20211208

bitrat persistence suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

91.243.32.131:80

Attributes

communication_password
202cb962ac59075b964b07152d234b70
install_dir
Defenderzone
install_file
syspro.exe
tor_process
tor

Targets

- Target
  
  5effe6792620b5d512905695003baa3f.exe
- Size
  
  2.3MB
- MD5
  
  5effe6792620b5d512905695003baa3f
- SHA1
  
  0a98f5acfcd5a0efb4989d4513b6b8861438777d
- SHA256
  
  ed857cb8db7feb60827f28be33098db83bb25fa2191b133eedc5b4b29907abd5
- SHA512
  
  67630485b4cd44a612274c146aabef67b5d0f0c0ddfb0f8c34367985e43ccef25cd35d8583952bc73281b5fedb9d8e05a67ad326cdfae9c67ae858ce2c2c1a09
Score

10^/10

bitrat mimikatz persistence suricata trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- mimikatz is an open source tool to dump credentials on Windows
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratmimikatzpersistencesuricatatrojan

behavioral2

bitratpersistencesuricatatrojan

© 2018-2024

Terms | Privacy