bitrat | 1c0493090eb306714a26e5a30404947c325dc75410adf4ee4ea18ea159302b9a | Triage

Sharing

General

Target

1c0493090eb306714a26e5a30404947c325dc75410adf4ee4ea18ea159302b9a
Size

3.8MB
Sample

230408-htxhxseb8s
MD5

d07b7112b39c9eee7eaeba1adb099543
SHA1

1df70cc161540228240e1dde290ac2f5efcfbb0c
SHA256

1c0493090eb306714a26e5a30404947c325dc75410adf4ee4ea18ea159302b9a
SHA512

9f82564e59b49e503de3aad4b7a28a163b3de543a807522c48c5b6f3a005cb38b37e99fab6865e0e064be9c1cf6e2cbec616e7cbb2218ea9f1fbd2015ef9e135
SSDEEP

98304:cCtEONaf1kMdpRfZJDRJwdaUNa8gPgEICG6x098gJ2uCB9Ml:RE0UkkHRJuNawLCG6x+8gJFm

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

74.201.28.92:3569

Attributes

communication_password
148b191cf4e80b549e1b1a4444f2bdf6
tor_process
tor

Targets

- Target
  
  1c0493090eb306714a26e5a30404947c325dc75410adf4ee4ea18ea159302b9a
- Size
  
  3.8MB
- MD5
  
  d07b7112b39c9eee7eaeba1adb099543
- SHA1
  
  1df70cc161540228240e1dde290ac2f5efcfbb0c
- SHA256
  
  1c0493090eb306714a26e5a30404947c325dc75410adf4ee4ea18ea159302b9a
- SHA512
  
  9f82564e59b49e503de3aad4b7a28a163b3de543a807522c48c5b6f3a005cb38b37e99fab6865e0e064be9c1cf6e2cbec616e7cbb2218ea9f1fbd2015ef9e135
- SSDEEP
  
  98304:cCtEONaf1kMdpRfZJDRJwdaUNa8gPgEICG6x098gJ2uCB9Ml:RE0UkkHRJuNawLCG6x+8gJFm
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2