bitrat | 5530522e25f6914e281144b9d5d119fe31d810e1e91fc71f0f7ed312528f0615 | Triage

Sharing

General

Target

23c38ceef63fdb7a980019e03e931920N
Size

4.9MB
Sample

240911-eh4ajsscrh
MD5

23c38ceef63fdb7a980019e03e931920
SHA1

058e6293a23d54164e8f3431e44059b6e8c1d709
SHA256

5530522e25f6914e281144b9d5d119fe31d810e1e91fc71f0f7ed312528f0615
SHA512

7cd85775424c134efca25575675b6f4b491fc1d0a7fd61c00dc8e3cf751e95d73c046ca927c0a32a941994b72a93b5dd974760658c8268fd84e066af4bee308f
SSDEEP

98304:qH47T0SDn+CFHc8DzA8f+LKE6weJVmJlM+FYeK8KGdIYymzQsA:r0SDnTHc8DzdfCjeJIS+aeHpdIw9

Score

10^/10

bitrat discovery trojan

Malware Config

Extracted

Family

bitrat

Version

1.33

C2

185.157.162.81:1973

Attributes

communication_password
f49a6667c09a9e329afb64bc0a18a188
tor_process
tor

Targets

- Target
  
  23c38ceef63fdb7a980019e03e931920N
- Size
  
  4.9MB
- MD5
  
  23c38ceef63fdb7a980019e03e931920
- SHA1
  
  058e6293a23d54164e8f3431e44059b6e8c1d709
- SHA256
  
  5530522e25f6914e281144b9d5d119fe31d810e1e91fc71f0f7ed312528f0615
- SHA512
  
  7cd85775424c134efca25575675b6f4b491fc1d0a7fd61c00dc8e3cf751e95d73c046ca927c0a32a941994b72a93b5dd974760658c8268fd84e066af4bee308f
- SSDEEP
  
  98304:qH47T0SDn+CFHc8DzA8f+LKE6weJVmJlM+FYeK8KGdIYymzQsA:r0SDnTHc8DzdfCjeJIS+aeHpdIw9
Score

10^/10

bitrat discovery trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoverytrojan

behavioral2

bitratdiscoverytrojan