bitrat | 01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c | Triage

Submit
Reports

Overview

overview

Static

static

01bad7f8fe...3c.msi

windows7-x64

01bad7f8fe...3c.msi

windows10-2004-x64

6

Sharing

General

Target

01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c
Size

9.2MB
Sample

221126-xrfvqagb79
MD5

17f3277513d19cf79bbe6559fb2052c0
SHA1

ad1e3466883a4e3150d14de7ae5c394bf969bd1d
SHA256

01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c
SHA512

9d5fefd9949daeaa8c916e072773fa26c0d496352abcb68fb120112116f0a5f5fe7730cc499c5d22efd26b5e7f2780849c9413f315a52809fd4229708779e4fc
SSDEEP

196608:ZAoTAYfvjVvkv5ae8y0f8tHh/WrjdZbCjkzAtqj8Kr8+UgiqH:RTXrVvC5N0ch/W1pCjGAfKCgR

Score

10^/10

bitrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c.msi

Resource

win7-20220901-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c.msi

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

93.115.20.35:443

Attributes

communication_password
bfcff6e70c553d5acebca13a9fe9653f
tor_process
tor

Targets

- Target
  
  01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c
- Size
  
  9.2MB
- MD5
  
  17f3277513d19cf79bbe6559fb2052c0
- SHA1
  
  ad1e3466883a4e3150d14de7ae5c394bf969bd1d
- SHA256
  
  01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c
- SHA512
  
  9d5fefd9949daeaa8c916e072773fa26c0d496352abcb68fb120112116f0a5f5fe7730cc499c5d22efd26b5e7f2780849c9413f315a52809fd4229708779e4fc
- SSDEEP
  
  196608:ZAoTAYfvjVvkv5ae8y0f8tHh/WrjdZbCjkzAtqj8Kr8+UgiqH:RTXrVvC5N0ch/W1pCjGAfKCgR
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy