bitrat

General

Target

F6SNA4S9KD7_ETRANSFER_RECEIPT.zip
Size

1.8MB
Sample

220606-xlfmrsfbcr
MD5

c4c2eae78a0a4f448b8111454da6bfce
SHA1

1ce0ffe7b3b0196938c5783e24e8a3b57b077552
SHA256

3368c73256020d0096f04966c0e7443d1d6d2337c080c370fd7ceb8f1fcf3314
SHA512

0bd8508e1398be29d86cd8367d81ef41336ee886e6433dda8cd8bbbc81ae990c8a9e22baba4d42010f6ed9a04febcffd86ed50d457cee3b445eac3ff85061479

Score

10^/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  F6SNA4S9KD7_ETRANSFER_RECEIPT.iso
- Size
  
  300.6MB
- MD5
  
  c1236b62b55e2f52d0d4cfa4f20af1a7
- SHA1
  
  87e757fd829df3d0adfa66e99aa755f3c3d399a2
- SHA256
  
  57b0116b1304296ff75e986d2dfcb2933331e9ca6336026bd4fdca89b0209acf
- SHA512
  
  7e4742bd70e98d4647a86251c0fdee7f5b1dc999813033815b87910dd6d3ec9ea737c0d9d43d9714a7cbc53849d20e14cb540614613da05f573b5935f140da4d
Score

3^/10
behavioral1 behavioral2
- Target
  
  F6SNA4S9KD7_ETRANSFER_RECEIPT.exe
- Size
  
  300.0MB
- MD5
  
  57b653c941b2f756f705dc40d5abf80e
- SHA1
  
  c0c0101c1b2a523e6baf7964ba94e733fae77c32
- SHA256
  
  deacd98df57ca5cab910cab1fba939fd02eab616cb70993fd5eae81c6547cda0
- SHA512
  
  be671100021853d8932b48dcda89e63a79832d7ff030527e69cee5076b8d247c206a12707330698d8781ea7a43f5758323f6f4a9627389e98be41ce029ef717f
Score

10^/10

bitrat suricata trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

Executes dropped EXE

UPX packed file

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4