bitrat | e6ecd1d1d0c509224766768df9ef234bbcedd51d66288fd36ba4d55093f8d030 | Triage

Sharing

General

Target

a47434b53be19aa80e4529da0ac4e528.bin
Size

3.3MB
Sample

230703-b2t97sec83
MD5

ca5941d052d6872cc61ff991b2a03ff8
SHA1

13e0af415b784a4a6338bfb832528708c040efd6
SHA256

e6ecd1d1d0c509224766768df9ef234bbcedd51d66288fd36ba4d55093f8d030
SHA512

dfcb6a2fe4757de873f4e7b7c61c34f1992ee830f5ce757106e04e57a697f80e9ef179599b42777f9a8f806c6b5a7ee3c08e15276e37eb65d380bcae9a7fec06
SSDEEP

98304:pP4d3uc0i0vpObpPtdK4p1ND0kTNWkA0lSII/D:qd3Si0vpOtFdKAHD0kxu0S

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

104.223.91.190:1234

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
install_dir
Install path
install_file
Install name
tor_process
tor

Targets

- Target
  
  5726631bd5354455869b80013d408d97b6d479d61697aecfa253fb42caed3b1b.exe
- Size
  
  4.9MB
- MD5
  
  a47434b53be19aa80e4529da0ac4e528
- SHA1
  
  e2535e69d067f6557f2c83bd05dc47289c61b0d8
- SHA256
  
  5726631bd5354455869b80013d408d97b6d479d61697aecfa253fb42caed3b1b
- SHA512
  
  f0251d15e29042d432c141f6df43ff267cd3c912a48afe6f83ed1d5588078191eb98763608f2d89b92cb33ec54db16d42bba03a83c329b4cab84615059f28d65
- SSDEEP
  
  98304:lfROAm0ADHsXLIsFmL5vTWJdVzealPxaLnU4UUU3UUU:lfROAm0ADHsXLIBvMtUU4UUU3UUU
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bitratpersistencetrojan