bitrat | 2dd362ecd871dc5fb308a1d1629a657f2e3144c181e6450756e2865b6f0869ca | Triage

Sharing

General

Target

5e59494d3a2fc44147d0318564650393_JaffaCakes118
Size

4.0MB
Sample

240720-axcnxs1hne
MD5

5e59494d3a2fc44147d0318564650393
SHA1

d089d7201ac6adaf70a547b754ee48e839643844
SHA256

2dd362ecd871dc5fb308a1d1629a657f2e3144c181e6450756e2865b6f0869ca
SHA512

53da767bfa7d46475ded9995296345da247cd3e9a98ed11841e18216326fdbd81d1ee13fba94b60618286f25be5d07243001f4f6f7b6507a9ce9ced75eebdd06
SSDEEP

98304:kQeauo7Bnr3VGKkN2YxQ6BmvS4KB0hUXTMpJgGFwN6bmNNuRhEt:deC7BL2Cvsah/pJgTN6bmNkDEt

Score

10^/10

bitrat persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.157.160.136:1975

Attributes

communication_password
f49a6667c09a9e329afb64bc0a18a188
tor_process
tor

Targets

- Target
  
  5e59494d3a2fc44147d0318564650393_JaffaCakes118
- Size
  
  4.0MB
- MD5
  
  5e59494d3a2fc44147d0318564650393
- SHA1
  
  d089d7201ac6adaf70a547b754ee48e839643844
- SHA256
  
  2dd362ecd871dc5fb308a1d1629a657f2e3144c181e6450756e2865b6f0869ca
- SHA512
  
  53da767bfa7d46475ded9995296345da247cd3e9a98ed11841e18216326fdbd81d1ee13fba94b60618286f25be5d07243001f4f6f7b6507a9ce9ced75eebdd06
- SSDEEP
  
  98304:kQeauo7Bnr3VGKkN2YxQ6BmvS4KB0hUXTMpJgGFwN6bmNNuRhEt:deC7BL2Cvsah/pJgTN6bmNkDEt
Score

10^/10

bitrat persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojan

behavioral2

bitratpersistencetrojan