bitrat | 311dc36ff1b1c092fe3c27ea3d7c699b77d092da4d5f1ccb5fc8e35b9a4adf5c | Triage

Sharing

General

Target

7e319c1315d5b97983fb7cb4d93ddf0c.exe
Size

65KB
Sample

221202-xm276adg64
MD5

7e319c1315d5b97983fb7cb4d93ddf0c
SHA1

fde2d21cb08b8d95ea2e4419e51aa43f8da348ac
SHA256

311dc36ff1b1c092fe3c27ea3d7c699b77d092da4d5f1ccb5fc8e35b9a4adf5c
SHA512

02f59f8d2dd41e1e287c46a8bd3119c98d2f2500a95a7d980791f7f6f326cad43111385b30d3c8e6de912905a81527632dd9a7089f1aa6f1716eabe4608bcfad
SSDEEP

1536:WIHebrEKfgYBUngABZvxZ/DOG8s8MkeNSzXzK1:Gb4KRapBZP/Dl8DMDSzX+1

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

37.139.128.233:3569

Attributes

communication_password
ce952068942604a6d6df06ed5002fad6
tor_process
tor

Targets

- Target
  
  7e319c1315d5b97983fb7cb4d93ddf0c.exe
- Size
  
  65KB
- MD5
  
  7e319c1315d5b97983fb7cb4d93ddf0c
- SHA1
  
  fde2d21cb08b8d95ea2e4419e51aa43f8da348ac
- SHA256
  
  311dc36ff1b1c092fe3c27ea3d7c699b77d092da4d5f1ccb5fc8e35b9a4adf5c
- SHA512
  
  02f59f8d2dd41e1e287c46a8bd3119c98d2f2500a95a7d980791f7f6f326cad43111385b30d3c8e6de912905a81527632dd9a7089f1aa6f1716eabe4608bcfad
- SSDEEP
  
  1536:WIHebrEKfgYBUngABZvxZ/DOG8s8MkeNSzXzK1:Gb4KRapBZP/Dl8DMDSzX+1
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojan

behavioral2