bitrat | 50a82f38bb99d62f938687184c3c67bfa357ab76afc9d70cdd9e6a67eb519294 | Triage

Sharing

General

Target

c898aa2a13c78c3501ad45bf5690e461
Size

3.1MB
Sample

231222-r29b5aefe3
MD5

c898aa2a13c78c3501ad45bf5690e461
SHA1

562ac688a4d849460388fe852392abea4084c61b
SHA256

50a82f38bb99d62f938687184c3c67bfa357ab76afc9d70cdd9e6a67eb519294
SHA512

592f5721eb6dda68e3dce630082ef28deccdd05f1912a9a8987e49e6b3284fafc635272ab6cfb870d3969ebb0eb121cfbe203a79cf9fd2b02d41640f22c805f0
SSDEEP

49152:sX+5guoYh48F/GjUU6UQo8P5wVyRNnBn2giGIsE+o7DFmb7TW0gc4DTY+57VJv3u:sX+quoSh5ElnFRc43d9rv3IEZhp3mpL

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

mfocuz.com:1537

Attributes

communication_password
25f9e794323b453885f5181f1b624d0b
tor_process
tor

Targets

- Target
  
  c898aa2a13c78c3501ad45bf5690e461
- Size
  
  3.1MB
- MD5
  
  c898aa2a13c78c3501ad45bf5690e461
- SHA1
  
  562ac688a4d849460388fe852392abea4084c61b
- SHA256
  
  50a82f38bb99d62f938687184c3c67bfa357ab76afc9d70cdd9e6a67eb519294
- SHA512
  
  592f5721eb6dda68e3dce630082ef28deccdd05f1912a9a8987e49e6b3284fafc635272ab6cfb870d3969ebb0eb121cfbe203a79cf9fd2b02d41640f22c805f0
- SSDEEP
  
  49152:sX+5guoYh48F/GjUU6UQo8P5wVyRNnBn2giGIsE+o7DFmb7TW0gc4DTY+57VJv3u:sX+quoSh5ElnFRc43d9rv3IEZhp3mpL
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2