Description
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
8f161c203384b95bc5b20e122a9c1c68
General
Target
Size
Sample
8f161c203384b95bc5b20e122a9c1c68
323KB
220120-xnpy8abbfl
Score
10 /10
MD5
SHA1
SHA256
SHA512
8f161c203384b95bc5b20e122a9c1c68
c72b4a03fef8c75ff0aab7bd97722249c9334ab0
4ea881ce90cbf4c9f6f26b940e062bbd147531c6754390f7e61784d892b54668
5b057a81759833c140153d4154f03ec6f0d544411f6739310b0c9f271b77d613c50062076a9aec951a527fed3aa55cc9d2fdd2a9bdd337912e020cd986066587
Malware Config
Extracted
| Family | bitrat |
| Version | 1.38 |
| C2 |
utfghjhkyut.duckdns.org:1882 |
| Attributes |
communication_password 81dc9bdb52d04dc20036dbd8313ed055
install_dir AppData
install_file chrome.exe
tor_process tor |
Targets
Target
MD5
Filesize
8f161c203384b95bc5b20e122a9c1c68
8f161c203384b95bc5b20e122a9c1c68
323KB
Score
10/10
SHA1
SHA256
SHA512
c72b4a03fef8c75ff0aab7bd97722249c9334ab0
4ea881ce90cbf4c9f6f26b940e062bbd147531c6754390f7e61784d892b54668
5b057a81759833c140153d4154f03ec6f0d544411f6739310b0c9f271b77d613c50062076a9aec951a527fed3aa55cc9d2fdd2a9bdd337912e020cd986066587
Tags
Signatures
-
BitRAT
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Tags
-
UPX packed file
Description
Detects executables packed with UPX/modified UPX open source packer.
Tags
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks