General
-
Target
2025-03-30_72c81db7f9436e4cf9412e713adcfcc1_bitrat_black-basta_coinminer_luca-stealer
-
Size
7.8MB
-
Sample
250330-cr3z2axzft
-
MD5
72c81db7f9436e4cf9412e713adcfcc1
-
SHA1
1ad4cb6d338ffb238fa5090b27785a73a5bf9b59
-
SHA256
5b0bd0f788bfe6a0d0850dd8c7445f92f8c4b9d5567b1335a6e46b47d5e1e8e0
-
SHA512
2e5fab88ff4717a32fed68f0612a4ae1e696f1103da36d01fc296708fb24e5543b84010ff26af31ef0b1eadb9b5a31d104d6fa2636877635e1dbf13ff5e38496
-
SSDEEP
196608:CIRcbH4jSteTGvyxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfq:CdHsfuyxwZ6v1CPwDv3uFteg2EeJUO9d
Malware Config
Extracted
bitrat
1.38
qt3t3vvvzk5g3lzzgbmw76pmgx4t6pxtaznbeoxa4g6qjgdtsvcph7ad.onion:80
-
communication_password
b8dae3b02dbd08727d3785c175a81d03
-
install_dir
Microsoft Silverlight
-
install_file
Microsoft Silverlight.exe
-
tor_process
Runtime Broker
Targets
-
-
Target
2025-03-30_72c81db7f9436e4cf9412e713adcfcc1_bitrat_black-basta_coinminer_luca-stealer
-
Size
7.8MB
-
MD5
72c81db7f9436e4cf9412e713adcfcc1
-
SHA1
1ad4cb6d338ffb238fa5090b27785a73a5bf9b59
-
SHA256
5b0bd0f788bfe6a0d0850dd8c7445f92f8c4b9d5567b1335a6e46b47d5e1e8e0
-
SHA512
2e5fab88ff4717a32fed68f0612a4ae1e696f1103da36d01fc296708fb24e5543b84010ff26af31ef0b1eadb9b5a31d104d6fa2636877635e1dbf13ff5e38496
-
SSDEEP
196608:CIRcbH4jSteTGvyxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfq:CdHsfuyxwZ6v1CPwDv3uFteg2EeJUO9d
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Bitrat family
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-