Description
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
a65b75567794b4d9f2558c672bd07dd5.exe
General
Target
Size
Sample
a65b75567794b4d9f2558c672bd07dd5.exe
1MB
220107-qp4qfaccf2
Score
10 /10
MD5
SHA1
SHA256
SHA512
a65b75567794b4d9f2558c672bd07dd5
e217c9fde4b32680a11adf2200e673519f595bd3
cc7d7321cd0e93fb312ea39c0124256fa60b3335cd6632ec0e83ffb4bf2b3dc9
4388fc585cd542df150f427b2d7b4bea03de0cd51ce634dea5935215582990b55546f3e39ae172a6c142b0b96d83a659a6b14a336a622978c5d0a9de23062ccb
Malware Config
Extracted
| Family | bitrat |
| Version | 1.38 |
| C2 |
severdops.ddns.net:3071 |
| Attributes |
communication_password 29ef52e7563626a96cea7f4b4085c124
install_dir msWORLD
install_file excel.exe
tor_process tor |
Targets
Target
MD5
Filesize
a65b75567794b4d9f2558c672bd07dd5.exe
a65b75567794b4d9f2558c672bd07dd5
1MB
Score
10/10
SHA1
SHA256
SHA512
e217c9fde4b32680a11adf2200e673519f595bd3
cc7d7321cd0e93fb312ea39c0124256fa60b3335cd6632ec0e83ffb4bf2b3dc9
4388fc585cd542df150f427b2d7b4bea03de0cd51ce634dea5935215582990b55546f3e39ae172a6c142b0b96d83a659a6b14a336a622978c5d0a9de23062ccb
Tags
Signatures
-
BitRAT
-
UPX packed file
Description
Detects executables packed with UPX/modified UPX open source packer.
Tags
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks