bitrat | 96364c7f7fa7021d74eeea4e078bb0e41f0ac1263556d1046c965ee2424ee1e6 | Triage

Sharing

General

Target

96364c7f7fa7021d74eeea4e078bb0e41f0ac1263556d1046c965ee2424ee1e6
Size

4.5MB
Sample

220708-smyshshfh7
MD5

851bf6532e9515391b378bc7ad7c617a
SHA1

69deeace3359bc69bd442ba0b5c9705b05961549
SHA256

96364c7f7fa7021d74eeea4e078bb0e41f0ac1263556d1046c965ee2424ee1e6
SHA512

4fa063c8f7b939cd42a0ad1c80bfb031e3cc22c64b239a32d0644ac675d5ef7917ff62080d0fff0347c9ead8a90529c6911ab0cf0ed1a1955778d7928ebb1459

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.33

C2

179.43.140.170:8048

Attributes

communication_password
6d42182cc168e65bffe35cf337ee3088
tor_process
tor

Targets

- Target
  
  96364c7f7fa7021d74eeea4e078bb0e41f0ac1263556d1046c965ee2424ee1e6
- Size
  
  4.5MB
- MD5
  
  851bf6532e9515391b378bc7ad7c617a
- SHA1
  
  69deeace3359bc69bd442ba0b5c9705b05961549
- SHA256
  
  96364c7f7fa7021d74eeea4e078bb0e41f0ac1263556d1046c965ee2424ee1e6
- SHA512
  
  4fa063c8f7b939cd42a0ad1c80bfb031e3cc22c64b239a32d0644ac675d5ef7917ff62080d0fff0347c9ead8a90529c6911ab0cf0ed1a1955778d7928ebb1459
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2