bitrat | 7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248 | Triage

Submit
Reports

Overview

overview

Static

static

1

zapitvane ...od.rtf

windows7-x64

zapitvane ...od.rtf

windows10-2004-x64

1

Sharing

General

Target

zapitvane marko bulgaria eood.doc
Size

3KB
Sample

230317-xkvqasbf2y
MD5

a5a6fbe5e7f86784d14ce1f4d7672f6b
SHA1

c8b9fc16cea841705b1b80152cc95f3322799c80
SHA256

7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248
SHA512

322944cc12604db232973329f9ad5e49c034d9ca4e55ffba3ddc8b4d2dc815c2afaeddae740436d07c88f46d9017902c88dac0cdc0610dcbd47cb9d0825218b3

Score

10^/10

bitrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

zapitvane marko bulgaria eood.rtf

Resource

win7-20230220-en

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

zapitvane marko bulgaria eood.rtf

Resource

win10v2004-20230221-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

74.201.28.92:3569

Attributes

communication_password
148b191cf4e80b549e1b1a4444f2bdf6
tor_process
tor

Targets

- Target
  
  zapitvane marko bulgaria eood.doc
- Size
  
  3KB
- MD5
  
  a5a6fbe5e7f86784d14ce1f4d7672f6b
- SHA1
  
  c8b9fc16cea841705b1b80152cc95f3322799c80
- SHA256
  
  7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248
- SHA512
  
  322944cc12604db232973329f9ad5e49c034d9ca4e55ffba3ddc8b4d2dc815c2afaeddae740436d07c88f46d9017902c88dac0cdc0610dcbd47cb9d0825218b3
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Exploitation for Client Execution

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy