bitrat | adeac73d9683edb8ce2e8bd1c91211cd35bd1bbb4efae92d392cefd8a04580a1 | Triage

Sharing

General

Target

adeac73d9683edb8ce2e8bd1c91211cd35bd1bbb4efae92d392cefd8a04580a1
Size

47KB
Sample

221204-3w8desgc63
MD5

7b3d705446a11e471cf9f65c0557f60a
SHA1

f4cbd006b13542ee9381bfdbbff25899aad1927b
SHA256

adeac73d9683edb8ce2e8bd1c91211cd35bd1bbb4efae92d392cefd8a04580a1
SHA512

0b6338e69fe7c67cfc230660c04e25baea7a1b0d3cd5b5341d8e714f320ce4211ef6d5a8cb3c50d006a8a0b2aa85b801356dbe536b9f80e4b445f761afcc617f
SSDEEP

768:F00wb76/OQvuoZ1XC/6FTi/wcdNLOlPwZvg4SjI/Ge7mC:FGOvuoZ1XCy14wcu2SjIqC

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

windowsnonbooterminernet.8h.re:63803

Attributes

communication_password
49c0c6521276aefdf9f6763ef24c5c1a
tor_process
tor

Targets

- Target
  
  adeac73d9683edb8ce2e8bd1c91211cd35bd1bbb4efae92d392cefd8a04580a1
- Size
  
  47KB
- MD5
  
  7b3d705446a11e471cf9f65c0557f60a
- SHA1
  
  f4cbd006b13542ee9381bfdbbff25899aad1927b
- SHA256
  
  adeac73d9683edb8ce2e8bd1c91211cd35bd1bbb4efae92d392cefd8a04580a1
- SHA512
  
  0b6338e69fe7c67cfc230660c04e25baea7a1b0d3cd5b5341d8e714f320ce4211ef6d5a8cb3c50d006a8a0b2aa85b801356dbe536b9f80e4b445f761afcc617f
- SSDEEP
  
  768:F00wb76/OQvuoZ1XC/6FTi/wcdNLOlPwZvg4SjI/Ge7mC:FGOvuoZ1XCy14wcu2SjIqC
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2