bitrat | e139a350242af220a379940c1a667891161ff92bdcdbb5acd024076a27ddbf56 | Triage

Sharing

General

Target

898f0ec3d9588199aa00da724447b5bb_JaffaCakes118
Size

2.1MB
Sample

241103-ephx7avdjp
MD5

898f0ec3d9588199aa00da724447b5bb
SHA1

0a5a6aa8a1e8fb83b71516d9086d899836410ba2
SHA256

e139a350242af220a379940c1a667891161ff92bdcdbb5acd024076a27ddbf56
SHA512

ff309a380ec33837425f4eaf64de9dbdf1f2446024e93a2ca67bc3b5749c8f417be82e1043858cd45a614d14b3d84fb67537457067e6fb95154dae0271d6fb09
SSDEEP

49152:QfQtjoZLBU0ZId3qgF6TuWrYWjvGyh8iw:Qf4oZ3INqgUT1rYWjuy

Score

10^/10

bitrat discovery persistence trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

45.153.241.244:5506

Attributes

communication_password
fcea920f7412b5da7be0cf42b8c93759
install_dir
esb6asg
install_file
wsd.exe
tor_process
tor

Targets

- Target
  
  898f0ec3d9588199aa00da724447b5bb_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  898f0ec3d9588199aa00da724447b5bb
- SHA1
  
  0a5a6aa8a1e8fb83b71516d9086d899836410ba2
- SHA256
  
  e139a350242af220a379940c1a667891161ff92bdcdbb5acd024076a27ddbf56
- SHA512
  
  ff309a380ec33837425f4eaf64de9dbdf1f2446024e93a2ca67bc3b5749c8f417be82e1043858cd45a614d14b3d84fb67537457067e6fb95154dae0271d6fb09
- SSDEEP
  
  49152:QfQtjoZLBU0ZId3qgF6TuWrYWjvGyh8iw:Qf4oZ3INqgUT1rYWjuy
Score

10^/10

bitrat discovery persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Bitrat family
  bitrat
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoverypersistencetrojan

behavioral2

bitratdiscoverypersistencetrojan