Description
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
Juicio No 17292201700138, PRIMERA INSTANCIA.exe
General
Target
Size
Sample
Juicio No 17292201700138, PRIMERA INSTANCIA.exe
292KB
220117-xtt55acdaj
Score
10 /10
MD5
SHA1
SHA256
SHA512
c7ef2678503427b2196bcd3043228fda
2939b316e7c6b30ca7b298bbbaf8cad789a92bc1
a74a193f0864f96cb4a8a49c01495cd2e6223893e832c494a70cba3d0e9b765c
697f21ec76268ad48d34ff07a5b647e86c2138c66e909e5b185651e9674047689757d2d646a57d2fdb297b6828c46e29ce3882fc04f59afc770d9b2d544b0e2c
Malware Config
Extracted
| Family | bitrat |
| Version | 1.38 |
| C2 |
positivoooooo.duckdns.org:3005 |
| Attributes |
communication_password 202cb962ac59075b964b07152d234b70
tor_process tor |
Targets
Target
MD5
Filesize
Juicio No 17292201700138, PRIMERA INSTANCIA.exe
c7ef2678503427b2196bcd3043228fda
292KB
Score
10/10
SHA1
SHA256
SHA512
2939b316e7c6b30ca7b298bbbaf8cad789a92bc1
a74a193f0864f96cb4a8a49c01495cd2e6223893e832c494a70cba3d0e9b765c
697f21ec76268ad48d34ff07a5b647e86c2138c66e909e5b185651e9674047689757d2d646a57d2fdb297b6828c46e29ce3882fc04f59afc770d9b2d544b0e2c
Tags
Signatures
-
BitRAT
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Tags
-
UPX packed file
Description
Detects executables packed with UPX/modified UPX open source packer.
Tags
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks