bitrat

User tags

Assigned on submission by the user, not by sandbox detections.

Threatview.io Proactive Hunter

Sharing

Copy URL

Twitter E-mail

General

Target

Stub.exe.3
Size

3.8MB
Sample

230912-b48wdadb36
MD5

5d422b017137a0060e7de3b1ddff3fbb
SHA1

fbc8138cc80dd477ec6bd45ade7bdd27de251260
SHA256

c733abcd9c2a5c1734242bc3238dd44e9aaf7e2c01878bebe2751c1b99f9a658
SHA512

b5794b69eb87e6e3f0fe19dfe0734a94fb342e27dc3e2936abd052d7cf8f82b672d28a250378b15c3631be6ce60a21643573d372a12917d5cbfa941f17fd4bdc
SSDEEP

98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/7mlwXVZ4FB:5+R/eZADUXR

Score

10^/10

Malware Config

Extracted

Family

bitrat

Version

1.38

smgqnt3eixxksasu.xyz:1234

Attributes

communication_password
30afda4853ef5b1bc36463ba95d84247
tor_process
tor

Targets

- Target
  
  Stub.exe.3
- Size
  
  3.8MB
- MD5
  
  5d422b017137a0060e7de3b1ddff3fbb
- SHA1
  
  fbc8138cc80dd477ec6bd45ade7bdd27de251260
- SHA256
  
  c733abcd9c2a5c1734242bc3238dd44e9aaf7e2c01878bebe2751c1b99f9a658
- SHA512
  
  b5794b69eb87e6e3f0fe19dfe0734a94fb342e27dc3e2936abd052d7cf8f82b672d28a250378b15c3631be6ce60a21643573d372a12917d5cbfa941f17fd4bdc
- SSDEEP
  
  98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/7mlwXVZ4FB:5+R/eZADUXR
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

User tags

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2