bitrat

General

Target

DOMUMENTO DE TRANSACCION REALIZADA.bin.zip
Size

64KB
Sample

220609-vlmpzaeeh7
MD5

17638baee6cac22980628aafb5ffd566
SHA1

dbb4d6c0f5647d15225a183e468272be9bbda847
SHA256

6f628448d414787ca2ee26eed975b02ae71a9ab61d2d8eb58f3de9f8d285c7e5
SHA512

d92493483e2d3afc5f3fcc66e93cebd17fb2bd2e2eeb003c2983848ce1e6f2212964634cf7f43242a7e35b24fea780ee4a00eae6652570e4c0243da6fd1fc856

Score

10^/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

breswew.duckdns.org:1880

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  DOMUMENTO DE TRANSACCION REALIZADA.bin
- Size
  
  126KB
- MD5
  
  8c52bf0ad28692c8e274874606c362dd
- SHA1
  
  ebcda75002db41d1a7f3597ca9467aab625439f7
- SHA256
  
  ac6da2e8ec05b1e8e562c15745997b48c0f51aeb823d4858445123060f40bb57
- SHA512
  
  62dc35a98757814ceaec1f5ff41d97641e5ceabb3e5511ad79be3db272d63fbd001bb62ea9f019a773dd5293dd4993a87d775825dda827b5dd9c1a05d274bf24
Score

10^/10

bitrat persistence suricata trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

UPX packed file

Checks computer location settings

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4