bitrat | bdb39f248d0cd06c086b5e38a8120fa4feb9208a4236f32b23e601a4037be416 | Triage

Resubmissions

21-08-2023 15:40

230821-s39vqadh37 10

11-08-2023 19:23

230811-x36khsac6w 10

Sharing

General

Target

Predictor V6.3.2.rar
Size

5.0MB
Sample

230821-s39vqadh37
MD5

4a04ee283860e4ec720766353ab2721a
SHA1

0673fb606de3a7764f2169f82ba1d1b7e2557dc4
SHA256

bdb39f248d0cd06c086b5e38a8120fa4feb9208a4236f32b23e601a4037be416
SHA512

88c6035b7351135f4c661db6a954448707debe9dcb57a79d7ea274892c28334cd7c981d83d3811f844edf1cace0b56e94300905bd39cabc2e86605b78e1bea59
SSDEEP

98304:icn5BIMWY6xaTB5L/s8M4H1NjvpBUDvJBEcRm57Infg0d8lyUCwOYD:F5rL6xaTc01NjhBUDvAd8n9d1NwFD

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.157.162.126:443

Attributes

communication_password
a76d949640a165da25ccfe9a8fd82c8a
tor_process
tor

Targets

- Target
  
  Predictor V6.3/Predictor V6.3.9.exe
- Size
  
  658KB
- MD5
  
  ab63396cb0774ac41107b7b112f81d5a
- SHA1
  
  f5dc67429147e886b01413472496576a2ee34075
- SHA256
  
  9a43c57f3e98bd69789e8ccbeef2c1b6b5a3b1d06d63257bb4bd58dffa23689d
- SHA512
  
  2121961ae2b154ba941af6937d0522505ec7e323094fb2edc7058194ae958bcf866bbbc7842924236b8635917800d0708eaabff6112f131f496189bb6e021699
- SSDEEP
  
  12288:BKwp3N7HPqUeL31VI1kR8BgrsEofzwHJem7OzwHJe0IhfiZ:swp97HyUeLFVIuRCgrsEorwpemIwpels
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2