bitrat | 1e8e3671dd56c2bd4f191829a34b44b1e8cbc23bbb7d7451f48f704cb1d7d897 | Triage

Sharing

General

Target

2724626cb9333d952980622e28dc626c
Size

4.0MB
Sample

231219-pytfdsgeb4
MD5

2724626cb9333d952980622e28dc626c
SHA1

8bddfeaa519816cc229574785890f080537e83f4
SHA256

1e8e3671dd56c2bd4f191829a34b44b1e8cbc23bbb7d7451f48f704cb1d7d897
SHA512

337286e4a3766e9db703d4af95620a1baa1bb06826a7d066c8df9fd85999bb0db352ca303f8c5b47b7685df821bf79d1aea4b25313e04cedca93763bef76527e
SSDEEP

98304:VwBzHiSHO0Xqy/FXiCxGOA/9dLIJgbBN20KO:VUHiSHO06y9SCUR/78UrK

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

173.44.50.140:4550

Attributes

communication_password
9996535e07258a7bbfd8b132435c5962
tor_process
tor

Targets

- Target
  
  2724626cb9333d952980622e28dc626c
- Size
  
  4.0MB
- MD5
  
  2724626cb9333d952980622e28dc626c
- SHA1
  
  8bddfeaa519816cc229574785890f080537e83f4
- SHA256
  
  1e8e3671dd56c2bd4f191829a34b44b1e8cbc23bbb7d7451f48f704cb1d7d897
- SHA512
  
  337286e4a3766e9db703d4af95620a1baa1bb06826a7d066c8df9fd85999bb0db352ca303f8c5b47b7685df821bf79d1aea4b25313e04cedca93763bef76527e
- SSDEEP
  
  98304:VwBzHiSHO0Xqy/FXiCxGOA/9dLIJgbBN20KO:VUHiSHO06y9SCUR/78UrK
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2