bitrat | 680493394907af7edb8c6c3c80d04561d7e597ad751900fb064af285e7aaf57b | Triage

Submit
Reports

Overview

overview

Static

static

3

6804933949...7b.exe

windows10-1703-x64

Sharing

General

Target

680493394907af7edb8c6c3c80d04561d7e597ad751900fb064af285e7aaf57b
Size

3.2MB
Sample

230525-nxbzaahe92
MD5

af19789d0289ff3e415dd28e6cfa4a92
SHA1

c71c49ddc98dea032688c80d253e36efc3541bbc
SHA256

680493394907af7edb8c6c3c80d04561d7e597ad751900fb064af285e7aaf57b
SHA512

730ee3b6f37b39dbab89d4f4861c420c46f353f00a6065e0b681214bf6e7d0af34eb60e5d2c743a2570a70e2e7d090ca4a7a705c71c97d8eff6f555cf6152972
SSDEEP

49152:meAQahgmy5H5xwSc3qAfWgKn7YtXT8kNEWQ8htSYJF5RnRmMEv9gvB/R6GnpBTeJ:mxO5O3qAfWgKnQwMZQ8/rrR8v9Q7FCyQ

Score

10^/10

bitrat rhadamanthys stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

680493394907af7edb8c6c3c80d04561d7e597ad751900fb064af285e7aaf57b.exe

Resource

win10-20230915-en

bitrat rhadamanthys stealer trojan

windows10-1703-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

179.43.142.55:1995

Attributes

communication_password
a76d949640a165da25ccfe9a8fd82c8a
tor_process
tor

Extracted

Family

rhadamanthys

C2

http://163.123.142.243/lekamapopo/6bw0pk.h5m8

Targets

- Target
  
  680493394907af7edb8c6c3c80d04561d7e597ad751900fb064af285e7aaf57b
- Size
  
  3.2MB
- MD5
  
  af19789d0289ff3e415dd28e6cfa4a92
- SHA1
  
  c71c49ddc98dea032688c80d253e36efc3541bbc
- SHA256
  
  680493394907af7edb8c6c3c80d04561d7e597ad751900fb064af285e7aaf57b
- SHA512
  
  730ee3b6f37b39dbab89d4f4861c420c46f353f00a6065e0b681214bf6e7d0af34eb60e5d2c743a2570a70e2e7d090ca4a7a705c71c97d8eff6f555cf6152972
- SSDEEP
  
  49152:meAQahgmy5H5xwSc3qAfWgKn7YtXT8kNEWQ8htSYJF5RnRmMEv9gvB/R6GnpBTeJ:mxO5O3qAfWgKnQwMZQ8/rrR8v9Q7FCyQ
Score

10^/10

bitrat rhadamanthys stealer trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratrhadamanthysstealertrojan

© 2018-2024

Terms | Privacy