bitrat | 1026f3f2041ac034444810ec08cf93d80089576f1c9cfd7d39b3e8581069507e | Triage

Sharing

General

Target

1026f3f2041ac034444810ec08cf93d80089576f1c9cfd7d39b3e8581069507e
Size

3.8MB
Sample

240229-nyfc4agd89
MD5

ef76803ef1b7f012e12bb9961cf5a0fa
SHA1

c9104c035bade14e4ca91ce8f477bb78486cb17a
SHA256

1026f3f2041ac034444810ec08cf93d80089576f1c9cfd7d39b3e8581069507e
SHA512

e56809a732090d2656ec40ce13ce0f9be4cf0a01a72924ee097d086fca99061d0d5b6dede855b1bb271abbde9d780970d83de83665cc8ecdf0995e70551bc7d1
SSDEEP

98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/hmlwXVZ4FB0:5+R/eZADUXRg

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

paintedkitty.duckdns.org:4444

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  1026f3f2041ac034444810ec08cf93d80089576f1c9cfd7d39b3e8581069507e
- Size
  
  3.8MB
- MD5
  
  ef76803ef1b7f012e12bb9961cf5a0fa
- SHA1
  
  c9104c035bade14e4ca91ce8f477bb78486cb17a
- SHA256
  
  1026f3f2041ac034444810ec08cf93d80089576f1c9cfd7d39b3e8581069507e
- SHA512
  
  e56809a732090d2656ec40ce13ce0f9be4cf0a01a72924ee097d086fca99061d0d5b6dede855b1bb271abbde9d780970d83de83665cc8ecdf0995e70551bc7d1
- SSDEEP
  
  98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/hmlwXVZ4FB0:5+R/eZADUXRg
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2