bitrat | f4088e6672ab5c67475864cd429734c4693269b72377f06a3f55a48b333390cc | Triage

Sharing

General

Target

f4088e6672ab5c67475864cd429734c4693269b72377f06a3f55a48b333390cc
Size

3.8MB
Sample

240229-lrsczade79
MD5

597c03ec993d20052e1d0a9d5853ce5b
SHA1

9465c11cdcb81d0943376ae43b9dd77c515c8f01
SHA256

f4088e6672ab5c67475864cd429734c4693269b72377f06a3f55a48b333390cc
SHA512

34bac5acbc0044acb77da9ad215c7351883914f3a3914f4945b05c7899d22f0321f7fdaed0920d546e3cfdcac9c386228dce8b53f7d4be8324fba909000c366d
SSDEEP

49152:zXUIEeZzdeh/c7p1rNdd+JNEj0ykdj21x1YhFlX4bA/Hg/11VzeLG/7wqNKB2VIb:zXrEeZzdhjuV/gd1VzsGUqNKTHvQey6

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

yatzufn.ddns.net:1900

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  f4088e6672ab5c67475864cd429734c4693269b72377f06a3f55a48b333390cc
- Size
  
  3.8MB
- MD5
  
  597c03ec993d20052e1d0a9d5853ce5b
- SHA1
  
  9465c11cdcb81d0943376ae43b9dd77c515c8f01
- SHA256
  
  f4088e6672ab5c67475864cd429734c4693269b72377f06a3f55a48b333390cc
- SHA512
  
  34bac5acbc0044acb77da9ad215c7351883914f3a3914f4945b05c7899d22f0321f7fdaed0920d546e3cfdcac9c386228dce8b53f7d4be8324fba909000c366d
- SSDEEP
  
  49152:zXUIEeZzdeh/c7p1rNdd+JNEj0ykdj21x1YhFlX4bA/Hg/11VzeLG/7wqNKB2VIb:zXrEeZzdhjuV/gd1VzsGUqNKTHvQey6
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2