bitrat | 8981df04c1b64c842953da435f3c026b3d2587817c08349d04c6021575f4b3c1 | Triage

Sharing

General

Target

f3f766676d376e612866849cd7379c3d
Size

4.3MB
Sample

231220-vsblaacgfp
MD5

f3f766676d376e612866849cd7379c3d
SHA1

a8d82e59f764ba99fd85fc34db8fe0797ad80794
SHA256

8981df04c1b64c842953da435f3c026b3d2587817c08349d04c6021575f4b3c1
SHA512

a5f926080ada8246476bade3d3b1b3e2a5ab0387766d4c56bcf7b5c3c503d83c31cf599a2b96777aa21c0eb311d0d8008c2d2c33d9bc9c6c9d7526d777bd85b9
SSDEEP

98304:3btAs3T/nMYpnnMhpkz04/zTpnhv34txJfpkJnZ/6QXEv:7rGM4yJhQDJ+516eEv

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

173.44.50.140:4550

Attributes

communication_password
9996535e07258a7bbfd8b132435c5962
tor_process
tor

Targets

- Target
  
  f3f766676d376e612866849cd7379c3d
- Size
  
  4.3MB
- MD5
  
  f3f766676d376e612866849cd7379c3d
- SHA1
  
  a8d82e59f764ba99fd85fc34db8fe0797ad80794
- SHA256
  
  8981df04c1b64c842953da435f3c026b3d2587817c08349d04c6021575f4b3c1
- SHA512
  
  a5f926080ada8246476bade3d3b1b3e2a5ab0387766d4c56bcf7b5c3c503d83c31cf599a2b96777aa21c0eb311d0d8008c2d2c33d9bc9c6c9d7526d777bd85b9
- SSDEEP
  
  98304:3btAs3T/nMYpnnMhpkz04/zTpnhv34txJfpkJnZ/6QXEv:7rGM4yJhQDJ+516eEv
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2