bitrat | 34637d766580ee138044aba566756d6ee1356ad1915df4778c72e74dcabd25bb | Triage

Submit
Reports

Overview

overview

Static

static

3

ff887fa781...18.exe

windows7-x64

ff887fa781...18.exe

windows10-2004-x64

Sharing

General

Target

ff887fa7815b8759a4908e7db7246dff_JaffaCakes118
Size

2.9MB
Sample

240421-r9gxvadf55
MD5

ff887fa7815b8759a4908e7db7246dff
SHA1

643240f371ba273be5d24d279fa4a12e45d49b19
SHA256

34637d766580ee138044aba566756d6ee1356ad1915df4778c72e74dcabd25bb
SHA512

3b409a1afd836636a25b93e9a6a8c15d3686b249a05ba60735864cf884f5f9a816e96ee02f411bc31cba5380f1b5e861f5b78c09ceb9c9eddd2a17fe90cf614f
SSDEEP

49152:SaMq0SaVfvc8NDRxHjfUlcfkDKG0y4fTOy6XWa:RWa

Score

10^/10

bitrat zgrat persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ff887fa7815b8759a4908e7db7246dff_JaffaCakes118.exe

Resource

win7-20240221-en

zgrat persistence rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff887fa7815b8759a4908e7db7246dff_JaffaCakes118.exe

Resource

win10v2004-20240226-en

bitrat zgrat persistence rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

vslt.info:1972

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Targets

- Target
  
  ff887fa7815b8759a4908e7db7246dff_JaffaCakes118
- Size
  
  2.9MB
- MD5
  
  ff887fa7815b8759a4908e7db7246dff
- SHA1
  
  643240f371ba273be5d24d279fa4a12e45d49b19
- SHA256
  
  34637d766580ee138044aba566756d6ee1356ad1915df4778c72e74dcabd25bb
- SHA512
  
  3b409a1afd836636a25b93e9a6a8c15d3686b249a05ba60735864cf884f5f9a816e96ee02f411bc31cba5380f1b5e861f5b78c09ceb9c9eddd2a17fe90cf614f
- SSDEEP
  
  49152:SaMq0SaVfvc8NDRxHjfUlcfkDKG0y4fTOy6XWa:RWa
Score

10^/10

zgrat persistence rat bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detect ZGRat V1
- Modifies WinLogon for persistence
  persistence
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

zgratpersistencerat

behavioral2

bitratzgratpersistencerattrojan

© 2018-2024

Terms | Privacy