bitrat | 6b8bb012d1430923d0d808b162d4b32c4a722d466e621f2c0ff8a0f4212b11d3 | Triage

Sharing

General

Target

b8d03a02e654dfc840f21297b8dc99b2.bin
Size

7.6MB
Sample

230928-cr3z2agg34
MD5

cd8b93511f88fce3a6fff3364f2091a1
SHA1

f6d871901ba82ed7c239cab238d6368d4dd1cd82
SHA256

6b8bb012d1430923d0d808b162d4b32c4a722d466e621f2c0ff8a0f4212b11d3
SHA512

f6ac53cdc9831741fde651cd5ef14b13999817f982c8b0edb0bbed3e33085ac1c4647e7f537e30113fe63ce1b02f0bc47bc8497e390ebc7180996ff28c1fb378
SSDEEP

196608:0yNZxQzPAIJlFBol0jnEjx1KtlHuafuMr4WSXUK:FN2PFlFGl07WXKbH1fzr+X/

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitnow7005.duckdns.org:7005

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
tor

Targets

- Target
  
  40f3e277da7a04b58913ba390827cfd51b318f40768c58f81361b832096ce1ef.exe
- Size
  
  7.8MB
- MD5
  
  b8d03a02e654dfc840f21297b8dc99b2
- SHA1
  
  615aced62a15e9a1733bfb2c390ba83f024bbbd7
- SHA256
  
  40f3e277da7a04b58913ba390827cfd51b318f40768c58f81361b832096ce1ef
- SHA512
  
  5f9b459df94dac7dc17f90a8dc53d968c3c0e2fc5c41b107ece1683621ef887d8f01abeec04ec0d9beb87fd11c54f39d71c7ec5c2502ec1db68ffacd018c4194
- SSDEEP
  
  196608:KUYuomDLdUgXNjeOoUoB/mZMnsDJKB4o+uBxKd8c:TzoQLd0O6B7c0BTLjbc
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2