General

  • Target

    a97286be2249f7896f0a5c171deb80d0

  • Size

    2.5MB

  • Sample

    240227-sccsascc5v

  • MD5

    a97286be2249f7896f0a5c171deb80d0

  • SHA1

    f10351ff6bc3fbababea9bdf13be7e7e4a7d04e5

  • SHA256

    95211867154e018e2ab4ca9cb0b4fdf18c2ba79a312ccb01eba95b2eb899d0bd

  • SHA512

    bbdce4fe5ef2dcebc15ce92d174cb776de79404c70ab660c4bc5e9546004719c0e180dd185bec1dffc57a0d1be3ba76775b967a0c95f87bb1337a9c4ba110984

  • SSDEEP

    49152:KDVzY8tMlX0pXGRMuK3JaEzXW+DHFgmDY8HrsjhqWl:PKGX0ARVK3J5zG+DH2IYysjhRl

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

179.43.141.103:1234

Attributes
  • communication_password

    dc647eb65e6711e155375218212b3964

  • tor_process

    tor

Targets

    • Target

      a97286be2249f7896f0a5c171deb80d0

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks