bitrat | 8e8827ed347a6b6cd5b40fe6aebfcdd7c49428f8eefd7b3e3b632665e3146eba | Triage

Sharing

General

Target

8e8827ed347a6b6cd5b40fe6aebfcdd7c49428f8eefd7b3e3b632665e3146eba
Size

3.8MB
Sample

230612-3j6daseg3y
MD5

abd3a818bf34951452f6bbaa1af39c46
SHA1

71371bbbfe3a4e5a4bfcd39db15fc4d32284ec0e
SHA256

8e8827ed347a6b6cd5b40fe6aebfcdd7c49428f8eefd7b3e3b632665e3146eba
SHA512

1fac8a3f64ed6cf529a9c1e1ad73139688ca1ab0ff27fe147c80e348777119ceff60fd6beb9c1ebff395ccd71cb0a54bcd1b2d7ab0dda7549570620b69c6db05
SSDEEP

98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/LmlwXVZ4FB:5+R/eZADUXR

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

executivemoney.ddns.net:1234

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
install_dir
dsad
install_file
yeso.exe
tor_process
tor

Targets

- Target
  
  8e8827ed347a6b6cd5b40fe6aebfcdd7c49428f8eefd7b3e3b632665e3146eba
- Size
  
  3.8MB
- MD5
  
  abd3a818bf34951452f6bbaa1af39c46
- SHA1
  
  71371bbbfe3a4e5a4bfcd39db15fc4d32284ec0e
- SHA256
  
  8e8827ed347a6b6cd5b40fe6aebfcdd7c49428f8eefd7b3e3b632665e3146eba
- SHA512
  
  1fac8a3f64ed6cf529a9c1e1ad73139688ca1ab0ff27fe147c80e348777119ceff60fd6beb9c1ebff395ccd71cb0a54bcd1b2d7ab0dda7549570620b69c6db05
- SSDEEP
  
  98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/LmlwXVZ4FB:5+R/eZADUXR
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencetrojan

behavioral2

bitratpersistencetrojan