Description
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
Bon de commande.exe
General
Target
Size
Sample
Bon de commande.exe
26KB
220121-qjlbxahfhm
Score
10 /10
MD5
SHA1
SHA256
SHA512
00286c04e7817a33d830719ef9afda61
3e59b07e3aa255dc4086c9c631d814ac201e9951
263b305d6a17491a0dd9dd32c5e56536263326e716e0474a132c1d8f8cc0878d
917d83abba42301eabf3e5bdc7450300150925955cc2b6ddb40b28338c2014ec30c234fad245bc19f5d5345f5ad5de55e0a738e7bb9fa96b765117c3410a8612
Malware Config
Extracted
| Family | bitrat |
| Version | 1.38 |
| C2 |
severdops.ddns.net:3071 |
| Attributes |
communication_password 29ef52e7563626a96cea7f4b4085c124
tor_process tor |
Targets
Target
MD5
Filesize
Bon de commande.exe
00286c04e7817a33d830719ef9afda61
26KB
Score
10/10
SHA1
SHA256
SHA512
3e59b07e3aa255dc4086c9c631d814ac201e9951
263b305d6a17491a0dd9dd32c5e56536263326e716e0474a132c1d8f8cc0878d
917d83abba42301eabf3e5bdc7450300150925955cc2b6ddb40b28338c2014ec30c234fad245bc19f5d5345f5ad5de55e0a738e7bb9fa96b765117c3410a8612
Tags
Signatures
-
BitRAT
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Tags
-
UPX packed file
Description
Detects executables packed with UPX/modified UPX open source packer.
Tags
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks