bitrat | a1031a4ec54eb26124df7ecbb1dd0feb65434db2b97a3738de938f74ecb2527f | Triage

Sharing

General

Target

Radicado De La Denuncia.exe
Size

1.1MB
Sample

220730-khkq4aabhn
MD5

f4870d32cab14312598325c151c86f98
SHA1

2b6799150e4fe9947fe2d13ef929862d8f4649d3
SHA256

a1031a4ec54eb26124df7ecbb1dd0feb65434db2b97a3738de938f74ecb2527f
SHA512

2fd80500d76e7d7f4d47361bace130d967a3de23bae0b3251494da50c9a1d1769b7448c516311807b06f88323c65ad5aaf40a8dddecdefc221fa119436809ba0

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

marcete.duckdns.org:9090

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
install_dir
AppData.exe
install_file
listooo
tor_process
tor

Targets

- Target
  
  Radicado De La Denuncia.exe
- Size
  
  1.1MB
- MD5
  
  f4870d32cab14312598325c151c86f98
- SHA1
  
  2b6799150e4fe9947fe2d13ef929862d8f4649d3
- SHA256
  
  a1031a4ec54eb26124df7ecbb1dd0feb65434db2b97a3738de938f74ecb2527f
- SHA512
  
  2fd80500d76e7d7f4d47361bace130d967a3de23bae0b3251494da50c9a1d1769b7448c516311807b06f88323c65ad5aaf40a8dddecdefc221fa119436809ba0
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bitratpersistencetrojan