bitrat | de070619366a56d4a3ae1718712a09a8523f6346a50f306d1a0d173dd2c9aee2 | Triage

Sharing

General

Target

de070619366a56d4a3ae1718712a09a8523f6346a50f306d1a0d173dd2c9aee2
Size

4.8MB
Sample

230129-y8b4jade7y
MD5

94a2ebdbfca94ca574691295689b6b9c
SHA1

92fff5c4d9f2a4427a3b5317b3391d40197f5f6a
SHA256

de070619366a56d4a3ae1718712a09a8523f6346a50f306d1a0d173dd2c9aee2
SHA512

6dc1b78178e31219fa02635879b928622fa40bb7218dcf4cacc5490f47a25060c645ee21b4d0e72b32f25a82928ac43138b08faceba2a195d84cfeb5979a3675
SSDEEP

98304:lRA8Y/PdoOGmGHpmxf42MwZMHGI0T4Nu4lfPGb/wJGo+cvw:TAB1h6e42MW4C4M4Jeb6R

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

193.239.147.77:6505

Attributes

communication_password
c398335f85d477cb4802c03bad3916fd
tor_process
tor

Targets

- Target
  
  de070619366a56d4a3ae1718712a09a8523f6346a50f306d1a0d173dd2c9aee2
- Size
  
  4.8MB
- MD5
  
  94a2ebdbfca94ca574691295689b6b9c
- SHA1
  
  92fff5c4d9f2a4427a3b5317b3391d40197f5f6a
- SHA256
  
  de070619366a56d4a3ae1718712a09a8523f6346a50f306d1a0d173dd2c9aee2
- SHA512
  
  6dc1b78178e31219fa02635879b928622fa40bb7218dcf4cacc5490f47a25060c645ee21b4d0e72b32f25a82928ac43138b08faceba2a195d84cfeb5979a3675
- SSDEEP
  
  98304:lRA8Y/PdoOGmGHpmxf42MwZMHGI0T4Nu4lfPGb/wJGo+cvw:TAB1h6e42MW4C4M4Jeb6R
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2