bitrat | e4cd8a1b9e5c53eae6da80b1d3bddaa3036f9fc7229d8a0d8307e3f4927d9349 | Triage

Sharing

General

Target

e4cd8a1b9e5c53eae6da80b1d3bddaa3036f9fc7229d8a0d8307e3f4927d9349
Size

4.1MB
Sample

220123-mtn9rsfhg6
MD5

906704d57b43ab4f0cbb625b619c0524
SHA1

5ffa166c080fc4207d5bf69a570256b090643dfb
SHA256

e4cd8a1b9e5c53eae6da80b1d3bddaa3036f9fc7229d8a0d8307e3f4927d9349
SHA512

11aecb4c157d0b3ad2ee733105efd3aad6f7852977a5d4a8ff62b60a8727ccc9c8ac3257babdebd4936131034e9bd9e01e93df7adc186be23b7f07f1b1e02d35

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

kimonda700.duckdns.org:5858

Attributes

communication_password
5604f45e9eedfa10a01bbe1ebda16726
tor_process
tor

Targets

- Target
  
  e4cd8a1b9e5c53eae6da80b1d3bddaa3036f9fc7229d8a0d8307e3f4927d9349
- Size
  
  4.1MB
- MD5
  
  906704d57b43ab4f0cbb625b619c0524
- SHA1
  
  5ffa166c080fc4207d5bf69a570256b090643dfb
- SHA256
  
  e4cd8a1b9e5c53eae6da80b1d3bddaa3036f9fc7229d8a0d8307e3f4927d9349
- SHA512
  
  11aecb4c157d0b3ad2ee733105efd3aad6f7852977a5d4a8ff62b60a8727ccc9c8ac3257babdebd4936131034e9bd9e01e93df7adc186be23b7f07f1b1e02d35
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Sets service image path in registry
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencetrojan