bitrat | 32a236c5951f03c2810509b3adcec8bf3e0dcb5e747a18b448f3ebadab4fa6be | Triage

Sharing

General

Target

5E297439F33C3AF204BFA3461BB2D8AB.fil
Size

38.1MB
Sample

220712-3kexqsafd9
MD5

5e297439f33c3af204bfa3461bb2d8ab
SHA1

8a0168ab1e7c0b6eb072c9f5666d077d77e92a9d
SHA256

32a236c5951f03c2810509b3adcec8bf3e0dcb5e747a18b448f3ebadab4fa6be
SHA512

d12f55b3cecb9d8fa975bd937be17664a2f1d51f60760f3824b1cd89d887c865ddb86f7b4be4851c1b72f820e3f533ce65bf906ae455da7fd9df0aa99a50b1c0

Score

10^/10

bitrat persistence suricata trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

under101.duckdns.org:1025

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
install_dir
AppData
install_file
Blast.exe
tor_process
tor

Targets

- Target
  
  5E297439F33C3AF204BFA3461BB2D8AB.fil
- Size
  
  38.1MB
- MD5
  
  5e297439f33c3af204bfa3461bb2d8ab
- SHA1
  
  8a0168ab1e7c0b6eb072c9f5666d077d77e92a9d
- SHA256
  
  32a236c5951f03c2810509b3adcec8bf3e0dcb5e747a18b448f3ebadab4fa6be
- SHA512
  
  d12f55b3cecb9d8fa975bd937be17664a2f1d51f60760f3824b1cd89d887c865ddb86f7b4be4851c1b72f820e3f533ce65bf906ae455da7fd9df0aa99a50b1c0
Score

10^/10

bitrat persistence suricata trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencesuricatatrojan

behavioral2