bitrat | 359129fb31cb5107e3c1b2e11ff9a2c6b7b8f23788e6bc123fdb69f929adefa2 | Triage

Sharing

General

Target

359129fb31cb5107e3c1b2e11ff9a2c6b7b8f23788e6bc123fdb69f929adefa2
Size

3.8MB
Sample

240229-lm22lsch3t
MD5

4267ca88bf2869bd805e84534ae30c67
SHA1

b235306f26952e0cc5e33910945cf624d78c5f76
SHA256

359129fb31cb5107e3c1b2e11ff9a2c6b7b8f23788e6bc123fdb69f929adefa2
SHA512

2af44df72e5c6511e0d9540ec489889474662a5bdf0838efd44e24e9f9e08306040364c4ff07e235c7f1c2def53d78851096dc4772fe148f3eb464cb23092184
SSDEEP

98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/VmlwXVZ4FB:5+R/eZADUXR

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

95.252.122.216:1900

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Targets

- Target
  
  359129fb31cb5107e3c1b2e11ff9a2c6b7b8f23788e6bc123fdb69f929adefa2
- Size
  
  3.8MB
- MD5
  
  4267ca88bf2869bd805e84534ae30c67
- SHA1
  
  b235306f26952e0cc5e33910945cf624d78c5f76
- SHA256
  
  359129fb31cb5107e3c1b2e11ff9a2c6b7b8f23788e6bc123fdb69f929adefa2
- SHA512
  
  2af44df72e5c6511e0d9540ec489889474662a5bdf0838efd44e24e9f9e08306040364c4ff07e235c7f1c2def53d78851096dc4772fe148f3eb464cb23092184
- SSDEEP
  
  98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/VmlwXVZ4FB:5+R/eZADUXR
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2