bitrat | 10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8 | Triage

Sharing

General

Target

10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8
Size

10.0MB
Sample

230306-defjmsad34
MD5

e872b597a98c83ad62c74877a03f35f8
SHA1

1761f0e80f0040a479551fc89885b43c2ded2131
SHA256

10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8
SHA512

2a6ea5dfc324d2e370e1b0baf13e99ccf48c35770549670a03a6a68d9964db4302304f686b6186832176982331c01679cf66155d9b3205cdd2bcd2303d6ad666
SSDEEP

98304:fRIevuEMjmkDQP2qxKahmUBFpHZDTk2e2RT16/UvYYn:fDuJjmkDQP20KamUVZHky2IY

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bit747.duckdns.org:1010

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Targets

- Target
  
  10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8
- Size
  
  10.0MB
- MD5
  
  e872b597a98c83ad62c74877a03f35f8
- SHA1
  
  1761f0e80f0040a479551fc89885b43c2ded2131
- SHA256
  
  10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8
- SHA512
  
  2a6ea5dfc324d2e370e1b0baf13e99ccf48c35770549670a03a6a68d9964db4302304f686b6186832176982331c01679cf66155d9b3205cdd2bcd2303d6ad666
- SSDEEP
  
  98304:fRIevuEMjmkDQP2qxKahmUBFpHZDTk2e2RT16/UvYYn:fDuJjmkDQP20KamUVZHky2IY
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2