Description
BitRAT is a remote access tool written in C++ that uses leaked source code from other families.
9618345aad276496e7d33d390a0cdf5e
322KB
220120-ys13qabdg4
9618345aad276496e7d33d390a0cdf5e
49ea625e58a17a1992c767fc7afb137dbfd0419a
dc9ddeb5493a529530acf29a62a5de10bef65ffb22ebea264818058bf9223ae6
9c4d96bba45a6e589d597277d8454a89781a53b0b6419b4f4ef04f02576a424f7efdc5a9c4f5a426742544d6d054b1ab14aebad6a6a6a355c8c3a0345778ca6d
Family | bitrat |
Version | 1.38 |
C2 | 20deenero.con-ip.com:3005 |
Attributes | communication_password: 202cb962ac59075b964b07152d234b70; install_dir: AppData; install_file: chrome.exe; tor_process: tor |
Detects executables packed with UPX/modified UPX open source packer.
Looks up country code configured in the registry, likely geofence.