bitrat | 246963e6022a7ba9276b0ba3645350224eabe9430cfe175110e6ca555dd1f9e6 | Triage

Sharing

General

Target

246963e6022a7ba9276b0ba3645350224eabe9430cfe175110e6ca555dd1f9e6
Size

4.4MB
Sample

230129-ybqwesbb34
MD5

3bb57e4664a0d856efc119a1c7fe80a0
SHA1

b37b8a29e2b9f1036147697d986b2bfebe93dd1b
SHA256

246963e6022a7ba9276b0ba3645350224eabe9430cfe175110e6ca555dd1f9e6
SHA512

cb168f82125279d1911fd141168fce9607b16deb212a550f6ed851054cefa56857664edfefd0ea22ea3380ea4e588da36413d0704cf72fc654f0672b46eab107
SSDEEP

98304:PlQdvRK/ythTnRS5PltYhGFqdOaH8UHmHj8C8wZyTtxdVpQu:Pl0ZTySfdFH8UGHjr8ymTdVT

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

79.134.225.69:1973

Attributes

communication_password
f49a6667c09a9e329afb64bc0a18a188
tor_process
tor

Targets

- Target
  
  246963e6022a7ba9276b0ba3645350224eabe9430cfe175110e6ca555dd1f9e6
- Size
  
  4.4MB
- MD5
  
  3bb57e4664a0d856efc119a1c7fe80a0
- SHA1
  
  b37b8a29e2b9f1036147697d986b2bfebe93dd1b
- SHA256
  
  246963e6022a7ba9276b0ba3645350224eabe9430cfe175110e6ca555dd1f9e6
- SHA512
  
  cb168f82125279d1911fd141168fce9607b16deb212a550f6ed851054cefa56857664edfefd0ea22ea3380ea4e588da36413d0704cf72fc654f0672b46eab107
- SSDEEP
  
  98304:PlQdvRK/ythTnRS5PltYhGFqdOaH8UHmHj8C8wZyTtxdVpQu:Pl0ZTySfdFH8UGHjr8ymTdVT
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2