Description
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
RECEIPTUSD97.00.exe
General
Target
Size
Sample
RECEIPTUSD97.00.exe
1MB
220110-l2srgseba3
Score
10 /10
MD5
SHA1
SHA256
SHA512
08e0f6fc015b6008f3d0e583c94c8772
ea87a156303f0cd82266734f7f9678faecffa18b
84e9426e79655328d7e51384cd16697772d5fa8043ef793e4777ec7e3c38c6d0
bf340c263cf3a4c1d1d58304ce921f228e2e20a70eef29322ee01894a5b7b68b5646fd800a3c4ea826472450195b7228166272b9afff750f057f8bcdd514a35c
Malware Config
Extracted
| Family | bitrat |
| Version | 1.38 |
| C2 |
bitpeople.duckdns.org:9173 |
| Attributes |
communication_password 81dc9bdb52d04dc20036dbd8313ed055
tor_process tor |
Targets
Target
MD5
Filesize
RECEIPTUSD97.00.exe
08e0f6fc015b6008f3d0e583c94c8772
1MB
Score
10/10
SHA1
SHA256
SHA512
ea87a156303f0cd82266734f7f9678faecffa18b
84e9426e79655328d7e51384cd16697772d5fa8043ef793e4777ec7e3c38c6d0
bf340c263cf3a4c1d1d58304ce921f228e2e20a70eef29322ee01894a5b7b68b5646fd800a3c4ea826472450195b7228166272b9afff750f057f8bcdd514a35c
Tags
Signatures
-
BitRAT
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks