bitrat | 93974f2a42d247f0c551b0fd9913872c27940c0671423814c0b9a0f2021a30e5 | Triage

Sharing

General

Target

attachment_2137.zip
Size

3.8MB
Sample

231227-ndkr3sghd8
MD5

c31f4f4c470b56723900912c48b4cc29
SHA1

15134c97ab6e66a080cf246b99c4a7d4edbd556f
SHA256

93974f2a42d247f0c551b0fd9913872c27940c0671423814c0b9a0f2021a30e5
SHA512

35af5069e631a145f58a19f79df171dc17327d0a5975a054e7b07fa9282b7ab0234930cb3973c2bc3cb6e80f63eb57584ffb6df950ef87bd07b27f55089f9f2d
SSDEEP

98304:N3Iec23P9qy6bn5QtDkmGrqajwjD01mjGT8c:uYPi6JuqakuTAc

Score

10^/10

bitrat agilenet persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

snkno.duckdns.org:43413

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
tor

Targets

- Target
  
  attachment_2137.exe
- Size
  
  6.0MB
- MD5
  
  37580d09f99717268666e091c21d344a
- SHA1
  
  0b7df2ebdf61753c183c818db71b4b1f6fd57841
- SHA256
  
  12d9848e317dcbf7dfb95649d7198fd93475f8b4cd093a252f28caeed8093001
- SHA512
  
  f2a1295003d64be1c768afbc6bd0f93ba53a39a883759952246371d9552777432193c35a702697061febb192cb365843480cc52c3dc44d90312a4e8be7e66749
- SSDEEP
  
  98304:JyQZRhelFuTw99bP/nCURx/PKnBWrmVjefsn+1:sQ7w99GURx/PKwQe
Score

10^/10

bitrat agilenet persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bitratagilenetpersistencetrojan