bitrat | 1b9c9b834da58ea5a48a29ecb1fa94be9745a48484417ff2caf6ed70f1a50cbd | Triage

Sharing

General

Target

ORDER SMAPLES.exe
Size

2.1MB
Sample

220721-gj6s6sdfan
MD5

507da88c0faa082c6a5974a173feafef
SHA1

62bb282d4214dfde18242f77f19f818127552e1d
SHA256

1b9c9b834da58ea5a48a29ecb1fa94be9745a48484417ff2caf6ed70f1a50cbd
SHA512

793c3370f347cd3dbc47d198bcb8069667cc1e37e09fd9f669ff05ac950b7d741993c981da8ef1982c4ed325b7e952c17b437cd9b266c3faffe541fe72158a19

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

103.153.79.240:1234

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  ORDER SMAPLES.exe
- Size
  
  2.1MB
- MD5
  
  507da88c0faa082c6a5974a173feafef
- SHA1
  
  62bb282d4214dfde18242f77f19f818127552e1d
- SHA256
  
  1b9c9b834da58ea5a48a29ecb1fa94be9745a48484417ff2caf6ed70f1a50cbd
- SHA512
  
  793c3370f347cd3dbc47d198bcb8069667cc1e37e09fd9f669ff05ac950b7d741993c981da8ef1982c4ed325b7e952c17b437cd9b266c3faffe541fe72158a19
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojan

behavioral2

bitratpersistencetrojan