bitrat | e76a3b05cbd6022aafe1c4d505220b08c0de4992bbb4faf88fa226a1d50c427b | Triage

Sharing

General

Target

e76a3b05cbd6022aafe1c4d505220b08c0de4992bbb4faf88fa226a1d50c427b
Size

3.5MB
Sample

230129-y6jqlade3w
MD5

2a91c21bfc56a4fd93f7efa57724a759
SHA1

3c488f16cebbe8454fb490a9305eed8b7ae9eeba
SHA256

e76a3b05cbd6022aafe1c4d505220b08c0de4992bbb4faf88fa226a1d50c427b
SHA512

2f4b8f7c5b7192da4706a8986943d047af18534320502f74aff3d9ff8c34c3632c238be16c25e6e2ecd4b67cc38954b0b5948e0351a21c4948224e99a1b0fbea
SSDEEP

98304:p4GcmSFQwfd3TyjJPLOzvSjmDXGT48tcf5MP:p4GP+Qy5TyizveAXGU8tcf5A

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

37.120.208.46:1973

Attributes

communication_password
f49a6667c09a9e329afb64bc0a18a188
tor_process
tor

Targets

- Target
  
  e76a3b05cbd6022aafe1c4d505220b08c0de4992bbb4faf88fa226a1d50c427b
- Size
  
  3.5MB
- MD5
  
  2a91c21bfc56a4fd93f7efa57724a759
- SHA1
  
  3c488f16cebbe8454fb490a9305eed8b7ae9eeba
- SHA256
  
  e76a3b05cbd6022aafe1c4d505220b08c0de4992bbb4faf88fa226a1d50c427b
- SHA512
  
  2f4b8f7c5b7192da4706a8986943d047af18534320502f74aff3d9ff8c34c3632c238be16c25e6e2ecd4b67cc38954b0b5948e0351a21c4948224e99a1b0fbea
- SSDEEP
  
  98304:p4GcmSFQwfd3TyjJPLOzvSjmDXGT48tcf5MP:p4GP+Qy5TyizveAXGU8tcf5A
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2