bitrat | 01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c | Triage

Sharing

General

Target

01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c
Size

9.2MB
Sample

221126-xrfvqagb79
MD5

17f3277513d19cf79bbe6559fb2052c0
SHA1

ad1e3466883a4e3150d14de7ae5c394bf969bd1d
SHA256

01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c
SHA512

9d5fefd9949daeaa8c916e072773fa26c0d496352abcb68fb120112116f0a5f5fe7730cc499c5d22efd26b5e7f2780849c9413f315a52809fd4229708779e4fc
SSDEEP

196608:ZAoTAYfvjVvkv5ae8y0f8tHh/WrjdZbCjkzAtqj8Kr8+UgiqH:RTXrVvC5N0ch/W1pCjGAfKCgR

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

93.115.20.35:443

Attributes

communication_password
bfcff6e70c553d5acebca13a9fe9653f
tor_process
tor

Targets

- Target
  
  01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c
- Size
  
  9.2MB
- MD5
  
  17f3277513d19cf79bbe6559fb2052c0
- SHA1
  
  ad1e3466883a4e3150d14de7ae5c394bf969bd1d
- SHA256
  
  01bad7f8fe6dd20f9c1efeae2a31cfc0ac4e865cc72033c12d1b1a200cf8be3c
- SHA512
  
  9d5fefd9949daeaa8c916e072773fa26c0d496352abcb68fb120112116f0a5f5fe7730cc499c5d22efd26b5e7f2780849c9413f315a52809fd4229708779e4fc
- SSDEEP
  
  196608:ZAoTAYfvjVvkv5ae8y0f8tHh/WrjdZbCjkzAtqj8Kr8+UgiqH:RTXrVvC5N0ch/W1pCjGAfKCgR
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2