bitrat | 954226b2a3caf5b0a7924bdfdcd4f6a551d04f9ed25924c4081c3f749a1ce020 | Triage

Sharing

General

Target

1c0493090eb306714a26e5a30404947c325dc75410adf4ee4ea18ea159302b9a.zip
Size

3.6MB
Sample

230321-rwfsmaba39
MD5

e2a8056c3f78226f90bf3711be43a491
SHA1

73a9ef28c0079f1c68a07fb790c4949b2cd88802
SHA256

954226b2a3caf5b0a7924bdfdcd4f6a551d04f9ed25924c4081c3f749a1ce020
SHA512

ee5b1f57fa7d48ed48eb64b006e980ca4746cc91123fcfdeceb2ead8055c959ccabe3f056c5fa891eec3f47c15a42ce2f623c8e5a7e724586987366dfe6e79b2
SSDEEP

98304:dl0fmnWOE7Tb1Ah5oypq0NHqA0M+nnfoY7xZ9Vqg71ceSx:nGmWOESLdqA0bfF9Zxc

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

74.201.28.92:3569

Attributes

communication_password
148b191cf4e80b549e1b1a4444f2bdf6
tor_process
tor

Targets

- Target
  
  1c0493090eb306714a26e5a30404947c325dc75410adf4ee4ea18ea159302b9a.exe
- Size
  
  3.8MB
- MD5
  
  d07b7112b39c9eee7eaeba1adb099543
- SHA1
  
  1df70cc161540228240e1dde290ac2f5efcfbb0c
- SHA256
  
  1c0493090eb306714a26e5a30404947c325dc75410adf4ee4ea18ea159302b9a
- SHA512
  
  9f82564e59b49e503de3aad4b7a28a163b3de543a807522c48c5b6f3a005cb38b37e99fab6865e0e064be9c1cf6e2cbec616e7cbb2218ea9f1fbd2015ef9e135
- SSDEEP
  
  98304:cCtEONaf1kMdpRfZJDRJwdaUNa8gPgEICG6x098gJ2uCB9Ml:RE0UkkHRJuNawLCG6x+8gJFm
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2