General
  Static task: static1
  URLScan task: urlscan1
  Behavioral task: behavioral1
    Sample: https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/BitRAT
    Resource: win10v2004-20250217-en
  Behavioral task: behavioral2
    Sample: https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/BitRAT
    Resource: win10ltsc2021-20250217-en
  Behavioral task: behavioral3
    Sample: https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/BitRAT
    Resource: win11-20250217-en
Malware Config
  Extracted
    Family: bitrat
    Version: 1.38
    C2: favorali.duckdns.org:2331
    C2: 127.0.0.1:1234
    communication_password: 81dc9bdb52d04dc20036dbd8313ed055
    tor_process: tor
Targets
  Target: https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/BitRAT
    - Bitrat family
    - Suspicious use of NtCreateProcessExOtherParentProcess
    - Xenarmor family
    - Executes dropped EXE
    - Loads dropped DLL
    - Accesses Microsoft Outlook accounts
    - Legitimate hosting services abused for malware hosting/C2
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
  Credential Access
    Credentials from Password Stores (1)
      Credentials from Web Browsers (1)
    Unsecured Credentials (5)
      Credentials In Files (4)
      Credentials in Registry (1)