bitrat | 8dae589a1806bcf1cf37a85cf9821a25527c4a271d8aba3c9a8f621061766840 | Triage

Sharing

General

Target

3f4db4050dee9f3e8bd5e5582c819cf5.exe
Size

2.3MB
Sample

220601-h3sw4afbh2
MD5

3f4db4050dee9f3e8bd5e5582c819cf5
SHA1

9791da30a7d8e2370d035d46dc45238daaf79301
SHA256

8dae589a1806bcf1cf37a85cf9821a25527c4a271d8aba3c9a8f621061766840
SHA512

f748cd3cd36f994977010305c71e6f4eeb611240c7edcb972e29bb7c82c7067715001e492d12975c9e14d38496acb1643e75bb7703f568ab5effe53bd62227dd

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

37.0.11.155:4670

Attributes

communication_password
31af2433c836721a29f5d8e94b790444
tor_process
tor

Targets

- Target
  
  3f4db4050dee9f3e8bd5e5582c819cf5.exe
- Size
  
  2.3MB
- MD5
  
  3f4db4050dee9f3e8bd5e5582c819cf5
- SHA1
  
  9791da30a7d8e2370d035d46dc45238daaf79301
- SHA256
  
  8dae589a1806bcf1cf37a85cf9821a25527c4a271d8aba3c9a8f621061766840
- SHA512
  
  f748cd3cd36f994977010305c71e6f4eeb611240c7edcb972e29bb7c82c7067715001e492d12975c9e14d38496acb1643e75bb7703f568ab5effe53bd62227dd
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencetrojan

behavioral2

bitratpersistencetrojan