bitrat | 752de4a31961533190547dd1fe03bc8c0c0178c3a8512582ae56266e27e32c17 | Triage

Sharing

General

Target

1540c36f7454d7fc450d9ba1df2d0b27
Size

4.0MB
Sample

231221-2f46dsgac3
MD5

1540c36f7454d7fc450d9ba1df2d0b27
SHA1

e67371197f6a0b3731f787d11db284f3d684997b
SHA256

752de4a31961533190547dd1fe03bc8c0c0178c3a8512582ae56266e27e32c17
SHA512

dde9a094e7e8089a2342c63a33a9e8c8cb46d4c341e7f8ff84489757928306d39172cf89e69ec56f3568cf5f8aa3ce7cadebb65d3058b14916e6444a92525162
SSDEEP

98304:OwyTkXTVa2bSFV5zNUFzbXottPXD5BYaHiuhg:OVkXTVaummbXott/9CM

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

8.208.27.150:4550

Attributes

communication_password
9996535e07258a7bbfd8b132435c5962
tor_process
tor

Targets

- Target
  
  1540c36f7454d7fc450d9ba1df2d0b27
- Size
  
  4.0MB
- MD5
  
  1540c36f7454d7fc450d9ba1df2d0b27
- SHA1
  
  e67371197f6a0b3731f787d11db284f3d684997b
- SHA256
  
  752de4a31961533190547dd1fe03bc8c0c0178c3a8512582ae56266e27e32c17
- SHA512
  
  dde9a094e7e8089a2342c63a33a9e8c8cb46d4c341e7f8ff84489757928306d39172cf89e69ec56f3568cf5f8aa3ce7cadebb65d3058b14916e6444a92525162
- SSDEEP
  
  98304:OwyTkXTVa2bSFV5zNUFzbXottPXD5BYaHiuhg:OVkXTVaummbXott/9CM
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2