bitrat | 5d5318419153167c1c9bd2df966ab89afa9e881542730536dd52602e1507419d | Triage

Sharing

General

Target

5d5318419153167c1c9bd2df966ab89afa9e881542730536dd52602e1507419d
Size

4.6MB
Sample

231113-j3gdqsbd91
MD5

18659566d6597e168fd75f0f64ae0acf
SHA1

fff293bd1462125fe483746807abfd78d7e7a68e
SHA256

5d5318419153167c1c9bd2df966ab89afa9e881542730536dd52602e1507419d
SHA512

a51845c1b5d2971ea77adfdd49e66b6ab2a4ec3ea23fc1f4913bf26c1204c6a4c87785ae5e09730d8efcbb934c991a8be0d689308f9de058d81f04560b3b9282
SSDEEP

98304:4lxNooNy3ezMYFgCMGoVGjjCSsVzQBh9pAO5PuKBeVUFyiZuqnv:2KojxasoO6zQBGO5PNsVUF9u

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.31.111.198:25001

Attributes

communication_password
d7dcd79b773dc85c89b84862cdedb6cf
install_dir
temp
install_file
system.exe
tor_process
tor

Targets

- Target
  
  5d5318419153167c1c9bd2df966ab89afa9e881542730536dd52602e1507419d
- Size
  
  4.6MB
- MD5
  
  18659566d6597e168fd75f0f64ae0acf
- SHA1
  
  fff293bd1462125fe483746807abfd78d7e7a68e
- SHA256
  
  5d5318419153167c1c9bd2df966ab89afa9e881542730536dd52602e1507419d
- SHA512
  
  a51845c1b5d2971ea77adfdd49e66b6ab2a4ec3ea23fc1f4913bf26c1204c6a4c87785ae5e09730d8efcbb934c991a8be0d689308f9de058d81f04560b3b9282
- SSDEEP
  
  98304:4lxNooNy3ezMYFgCMGoVGjjCSsVzQBh9pAO5PuKBeVUFyiZuqnv:2KojxasoO6zQBGO5PNsVUF9u
Score

10^/10

bitrat trojan persistence
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detects DLL dropped by Raspberry Robin.
  Raspberry Robin.
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bitratpersistencetrojan