bitrat | 95211867154e018e2ab4ca9cb0b4fdf18c2ba79a312ccb01eba95b2eb899d0bd | Triage

Submit
Reports

Overview

overview

Static

static

3

a97286be22...d0.exe

windows7-x64

a97286be22...d0.exe

windows10-2004-x64

Sharing

General

Target

a97286be2249f7896f0a5c171deb80d0
Size

2.5MB
Sample

240227-sccsascc5v
MD5

a97286be2249f7896f0a5c171deb80d0
SHA1

f10351ff6bc3fbababea9bdf13be7e7e4a7d04e5
SHA256

95211867154e018e2ab4ca9cb0b4fdf18c2ba79a312ccb01eba95b2eb899d0bd
SHA512

bbdce4fe5ef2dcebc15ce92d174cb776de79404c70ab660c4bc5e9546004719c0e180dd185bec1dffc57a0d1be3ba76775b967a0c95f87bb1337a9c4ba110984
SSDEEP

49152:KDVzY8tMlX0pXGRMuK3JaEzXW+DHFgmDY8HrsjhqWl:PKGX0ARVK3J5zG+DH2IYysjhRl

Score

10^/10

bitrat zgrat persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a97286be2249f7896f0a5c171deb80d0.exe

Resource

win7-20240221-en

zgrat persistence rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a97286be2249f7896f0a5c171deb80d0.exe

Resource

win10v2004-20240226-en

bitrat zgrat persistence rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

179.43.141.103:1234

Attributes

communication_password
dc647eb65e6711e155375218212b3964
tor_process
tor

Targets

- Target
  
  a97286be2249f7896f0a5c171deb80d0
- Size
  
  2.5MB
- MD5
  
  a97286be2249f7896f0a5c171deb80d0
- SHA1
  
  f10351ff6bc3fbababea9bdf13be7e7e4a7d04e5
- SHA256
  
  95211867154e018e2ab4ca9cb0b4fdf18c2ba79a312ccb01eba95b2eb899d0bd
- SHA512
  
  bbdce4fe5ef2dcebc15ce92d174cb776de79404c70ab660c4bc5e9546004719c0e180dd185bec1dffc57a0d1be3ba76775b967a0c95f87bb1337a9c4ba110984
- SSDEEP
  
  49152:KDVzY8tMlX0pXGRMuK3JaEzXW+DHFgmDY8HrsjhqWl:PKGX0ARVK3J5zG+DH2IYysjhRl
Score

10^/10

zgrat persistence rat bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

zgratpersistencerat

behavioral2

bitratzgratpersistencerattrojan

© 2018-2024

Terms | Privacy