bitrat | 19b67a5826378b42a473c05175b0c368537fc5a2b7341fd89cb1e9932bc6acb5 | Triage

Sharing

General

Target

19b67a5826378b42a473c05175b0c368537fc5a2b7341fd89cb1e9932bc6acb5
Size

3.8MB
Sample

220608-gdahsabgdl
MD5

3728c3e5e5aeace956b1fe64f976e479
SHA1

3b7fee1bf1b887a785d40460f21562a0ebe648e5
SHA256

19b67a5826378b42a473c05175b0c368537fc5a2b7341fd89cb1e9932bc6acb5
SHA512

7b90cb89efa6bd54dfa91e7b494146ce90c20a1b161dbd5f63dc822e08c52a8e151954ce993c03a35bce9f8a39166cfa71c05e49b6bee86858821a2e8fee0595

Score

10^/10

bitrat persistence suricata trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

redddhattt.ddns.net:54329

Attributes

communication_password
9fe75de7500e7073d749469bb3a46cc2
install_dir
Chrome
install_file
Chrome.exe
tor_process
tor

Targets

- Target
  
  19b67a5826378b42a473c05175b0c368537fc5a2b7341fd89cb1e9932bc6acb5
- Size
  
  3.8MB
- MD5
  
  3728c3e5e5aeace956b1fe64f976e479
- SHA1
  
  3b7fee1bf1b887a785d40460f21562a0ebe648e5
- SHA256
  
  19b67a5826378b42a473c05175b0c368537fc5a2b7341fd89cb1e9932bc6acb5
- SHA512
  
  7b90cb89efa6bd54dfa91e7b494146ce90c20a1b161dbd5f63dc822e08c52a8e151954ce993c03a35bce9f8a39166cfa71c05e49b6bee86858821a2e8fee0595
Score

10^/10

bitrat persistence suricata trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencesuricatatrojan

behavioral2

bitratpersistencesuricatatrojan