Description
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
DHL Shipment Note.exe
General
Target
Size
Sample
DHL Shipment Note.exe
267KB
220108-jj9aeadcdn
Score
10 /10
MD5
SHA1
SHA256
SHA512
088ef2cfabd6e8b52832f5e358bfff6b
4c389ccc2ac9809b315b5ba1b3d3fe3edcf9876d
3bdd75cf5a2b26bbf10f298f3071b2d7c7a79b33f880eb3f26c3276baceaac1f
0101392d09c48ab7d70582f267dc86d765c77161cfc34ec8cc0ff0a527a46178b4c487a0810a946caab28c4ae6d03cb7134dad0dee13e5563a53135b1c1f992c
Malware Config
Extracted
| Family | bitrat |
| Version | 1.38 |
| C2 |
severdops.ddns.net:3071 |
| Attributes |
communication_password 29ef52e7563626a96cea7f4b4085c124
install_dir msWORLD
install_file excel.exe
tor_process tor |
Targets
Target
MD5
Filesize
DHL Shipment Note.exe
088ef2cfabd6e8b52832f5e358bfff6b
267KB
Score
10/10
SHA1
SHA256
SHA512
4c389ccc2ac9809b315b5ba1b3d3fe3edcf9876d
3bdd75cf5a2b26bbf10f298f3071b2d7c7a79b33f880eb3f26c3276baceaac1f
0101392d09c48ab7d70582f267dc86d765c77161cfc34ec8cc0ff0a527a46178b4c487a0810a946caab28c4ae6d03cb7134dad0dee13e5563a53135b1c1f992c
Tags
Signatures
-
BitRAT
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Tags
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Description
Detects executables packed with UPX/modified UPX open source packer.
Tags
-
Loads dropped DLL
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks