bitrat | 6ea90b2104d4ded4edbe26cb33a507bee9557541b40e8dbc7b2b5a77125d3802 | Triage

Sharing

General

Target

0965917ae4a77487c2ae86e6b5ed0250.exe
Size

4.2MB
Sample

220720-n31vlafad5
MD5

0965917ae4a77487c2ae86e6b5ed0250
SHA1

4be084634d93899ecbc74ad2d723fa43bbb509c2
SHA256

6ea90b2104d4ded4edbe26cb33a507bee9557541b40e8dbc7b2b5a77125d3802
SHA512

0e849518870d241a556241171fd753c6ea80b2c6c969ddfd331183d61400a988bc338564e4317ebb0136c63f9fbee1a58342827ae619acb781b89fde919b0177

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

queentaline.ddns.net:1117

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  0965917ae4a77487c2ae86e6b5ed0250.exe
- Size
  
  4.2MB
- MD5
  
  0965917ae4a77487c2ae86e6b5ed0250
- SHA1
  
  4be084634d93899ecbc74ad2d723fa43bbb509c2
- SHA256
  
  6ea90b2104d4ded4edbe26cb33a507bee9557541b40e8dbc7b2b5a77125d3802
- SHA512
  
  0e849518870d241a556241171fd753c6ea80b2c6c969ddfd331183d61400a988bc338564e4317ebb0136c63f9fbee1a58342827ae619acb781b89fde919b0177
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2