bitrat

Sharing

Copy URL

Twitter E-mail

General

Target

fb90aa2e50efba5fcba39ceffe69633e_JaffaCakes118
Size

2.1MB
Sample

240420-bcg9cacb33
MD5

fb90aa2e50efba5fcba39ceffe69633e
SHA1

66d3b5d93f7b5638342bb81e43861f4d7292d2df
SHA256

b5dda0bddbb6438b46a2097787f26f2cceed8696c6147b44265bc38463b71311
SHA512

41c8fc9d0d0af0938275b7b970e03bf3436eecced8bf4961b85c4d95b00f58854262ee34493a55c801e1668ade433499039ed7e9a6511d5db9238e92f3cf07ba
SSDEEP

49152:yKCyQ9XtjBXegJ+ugbfXjRSGehRSHwANMQEm5V3wXn:CZ99FrgbfjRSG4gHwsxEm5an

Score

10^/10

Malware Config

Extracted

Family

bitrat

Version

1.38

con.microgent.ru:6992

Attributes

communication_password
760d1a76fde860fea97ca75974d2a4d1
tor_process
tor

Targets

- Target
  
  fb90aa2e50efba5fcba39ceffe69633e_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  fb90aa2e50efba5fcba39ceffe69633e
- SHA1
  
  66d3b5d93f7b5638342bb81e43861f4d7292d2df
- SHA256
  
  b5dda0bddbb6438b46a2097787f26f2cceed8696c6147b44265bc38463b71311
- SHA512
  
  41c8fc9d0d0af0938275b7b970e03bf3436eecced8bf4961b85c4d95b00f58854262ee34493a55c801e1668ade433499039ed7e9a6511d5db9238e92f3cf07ba
- SSDEEP
  
  49152:yKCyQ9XtjBXegJ+ugbfXjRSGehRSHwANMQEm5V3wXn:CZ99FrgbfjRSG4gHwsxEm5an
Score

10^/10

bitrat zgrat persistence rat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2