bitrat | 0259c94cec130ded17d65a361f2484be71e4f0f126ddd04ad242f7c4c5a67bd6 | Triage

Sharing

General

Target

eba351f128db727db35529d2dce7fd21_JaffaCakes118
Size

4.3MB
Sample

241213-qaz4ps1khq
MD5

eba351f128db727db35529d2dce7fd21
SHA1

c4b39a4cf1e43bf0ff3a085c4219d5b68c8f08aa
SHA256

0259c94cec130ded17d65a361f2484be71e4f0f126ddd04ad242f7c4c5a67bd6
SHA512

06fc7694f599ad30c617f863a6cc74b71f47bdcafde7310f8c2158c6f234774886b7d287779b939b8c00c93b6050284fa814d693bd79fcfc174a6249f5a6bcce
SSDEEP

98304:EYVMw9JLNeLAQQF6aW4zfX4XyaixOa5EpKQC2DrEv:1mwXLoLAXWU4XDaSsgEv

Score

10^/10

bitrat discovery trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

173.44.50.140:4550

Attributes

communication_password
9996535e07258a7bbfd8b132435c5962
tor_process
tor

Targets

- Target
  
  eba351f128db727db35529d2dce7fd21_JaffaCakes118
- Size
  
  4.3MB
- MD5
  
  eba351f128db727db35529d2dce7fd21
- SHA1
  
  c4b39a4cf1e43bf0ff3a085c4219d5b68c8f08aa
- SHA256
  
  0259c94cec130ded17d65a361f2484be71e4f0f126ddd04ad242f7c4c5a67bd6
- SHA512
  
  06fc7694f599ad30c617f863a6cc74b71f47bdcafde7310f8c2158c6f234774886b7d287779b939b8c00c93b6050284fa814d693bd79fcfc174a6249f5a6bcce
- SSDEEP
  
  98304:EYVMw9JLNeLAQQF6aW4zfX4XyaixOa5EpKQC2DrEv:1mwXLoLAXWU4XDaSsgEv
Score

10^/10

bitrat discovery trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Bitrat family
  bitrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratdiscoverytrojan

behavioral2

bitratdiscoverytrojan