bitrat | 10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8 | Triage

Sharing

General

Target

10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8
Size

10.0MB
Sample

230306-defjmsad34
MD5

e872b597a98c83ad62c74877a03f35f8
SHA1

1761f0e80f0040a479551fc89885b43c2ded2131
SHA256

10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8
SHA512

2a6ea5dfc324d2e370e1b0baf13e99ccf48c35770549670a03a6a68d9964db4302304f686b6186832176982331c01679cf66155d9b3205cdd2bcd2303d6ad666
SSDEEP

98304:fRIevuEMjmkDQP2qxKahmUBFpHZDTk2e2RT16/UvYYn:fDuJjmkDQP20KamUVZHky2IY

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bit747.duckdns.org:1010

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Targets

- Target
  
  10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8
- Size
  
  10.0MB
- MD5
  
  e872b597a98c83ad62c74877a03f35f8
- SHA1
  
  1761f0e80f0040a479551fc89885b43c2ded2131
- SHA256
  
  10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8
- SHA512
  
  2a6ea5dfc324d2e370e1b0baf13e99ccf48c35770549670a03a6a68d9964db4302304f686b6186832176982331c01679cf66155d9b3205cdd2bcd2303d6ad666
- SSDEEP
  
  98304:fRIevuEMjmkDQP2qxKahmUBFpHZDTk2e2RT16/UvYYn:fDuJjmkDQP20KamUVZHky2IY
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2