bitrat | 6c3b0f6fa0f3ea807c3a7ac53bfa13930c7b806020c8b7ccf2825b2b6f3ae771 | Triage

Sharing

General

Target

4bbf8447f25f44cabc87e9e20bf6594475f999a58e86c76bbad265d1db9bd513.zip
Size

4.1MB
Sample

230321-rwf4dsda9t
MD5

9e9135228040acb43c1cdb47a603c9c1
SHA1

2439376b9c5360c357b799645f30404faa6a854c
SHA256

6c3b0f6fa0f3ea807c3a7ac53bfa13930c7b806020c8b7ccf2825b2b6f3ae771
SHA512

1006d63e50b69b6d4941c5bb50ea7b3f485eeb280a2ecf2cd0c9d3625402cff76c49424d264a0d325feb94a6dce378e081ed2972f12399474bff0311b759ee7a
SSDEEP

98304:QjxL6szJ9exJ7suxDGPIX2P/kR6neZFA9HxMVLPLKj1hh5sXL:ybJSJ7s+nX2P/kR6ecrMVLPchhW7

Score

10^/10

bitrat redline infostealer trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.246.220.122:1488

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Extracted

Family

redline

C2

185.246.220.122:7164

Attributes

auth_value
bc36aaf1c6447fa611401422deaa29dd

Targets

- Target
  
  4bbf8447f25f44cabc87e9e20bf6594475f999a58e86c76bbad265d1db9bd513.exe
- Size
  
  4.2MB
- MD5
  
  446215913dd436aae1317ad90bf75677
- SHA1
  
  6f9c887f3fe17b16045fd2fa2d754c744447a4d2
- SHA256
  
  4bbf8447f25f44cabc87e9e20bf6594475f999a58e86c76bbad265d1db9bd513
- SHA512
  
  dd1b3f89efb92245640289b43ceedbf3bb562578286966d3a72bd03ff145f36054788353d39804489174c6f9018624820f54cad560394be7cf09f5127188acb3
- SSDEEP
  
  98304:scyyd+oHduCY3f3rFQtAjgyzZdGxHeqWF0KfgOjCH:sAswQFQtLUGFeqlm
Score

10^/10

bitrat redline infostealer trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratredlineinfostealertrojan

behavioral2

bitratredlineinfostealertrojan