bitrat | fbfa16c8f31897ceefddab7d738fd1596028ce0fa3218f5c5c42d1c19469d90e | Triage

Sharing

General

Target

be7631a548ea45c58e25d9c3983bb103_JaffaCakes118
Size

4.5MB
Sample

240824-m71vqaxaqh
MD5

be7631a548ea45c58e25d9c3983bb103
SHA1

16910a73765ae752e4438975ef621a7f34c6313e
SHA256

fbfa16c8f31897ceefddab7d738fd1596028ce0fa3218f5c5c42d1c19469d90e
SHA512

0cd1614999964d76681635db5f276b6dceb3b8a3b1005e3095de450cdc0cf471fc7097476ddd89d2ba9783f911b9c5cb4fa36050eccd0924a0d1dc08a523fdd2
SSDEEP

98304:MUeOuWYRJaTDZGK6QaDU+5qDDIc6Rd24v5cFlcqAzK:sznw/6VDUrJ6z24eOq4

Score

10^/10

bitrat discovery trojan

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

194.5.98.37:4898

Attributes

communication_password
f830115cf81c3c3986d8ea87902cea65
tor_process
tor

Targets

- Target
  
  be7631a548ea45c58e25d9c3983bb103_JaffaCakes118
- Size
  
  4.5MB
- MD5
  
  be7631a548ea45c58e25d9c3983bb103
- SHA1
  
  16910a73765ae752e4438975ef621a7f34c6313e
- SHA256
  
  fbfa16c8f31897ceefddab7d738fd1596028ce0fa3218f5c5c42d1c19469d90e
- SHA512
  
  0cd1614999964d76681635db5f276b6dceb3b8a3b1005e3095de450cdc0cf471fc7097476ddd89d2ba9783f911b9c5cb4fa36050eccd0924a0d1dc08a523fdd2
- SSDEEP
  
  98304:MUeOuWYRJaTDZGK6QaDU+5qDDIc6Rd24v5cFlcqAzK:sznw/6VDUrJ6z24eOq4
Score

10^/10

bitrat discovery trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoverytrojan

behavioral2

bitratdiscoverytrojan