BitRAT
Description
(Krabs on Security) As is the case with most HF malware, BitRAT is best described as an amalgamation of poorly pasted leaked source code slapped together alongside a fancy C# GUI. It makes heavy use of libraries such as the C++ Standard Library, Boost, OpenCV, and libcurl, as well as code copied directly from leaked malware source code or sites including StackOverflow. The choice of Camellia is somewhat unique; I have not seen this specific algorithm used in malware before.
Names
| Name |
|---|
| BitRAT |
Category
Malware
Type
- Backdoor
- Info stealer
- Credential stealer
- Keylogger
Information
- https://krabsonsecurity.com/2020/08/22/bitrat-the-latest-in-copy-pasted-malware-by-incompetent-developers/
- https://krabsonsecurity.com/2020/09/04/bitrat-pt-2-hidden-browser-socks5-proxy-and-unknownproducts-unmasked/
- https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html
- https://www.fortinet.com/blog/threat-research/nft-lure-used-to-distribute-bitrat
- https://blog.qualys.com/vulnerabilities-threat-research/2023/01/03/bitrat-now-sharing-sensitive-bank-data-as-a-lure
Malpedia
Other Information
Uuid
041f9066-8f22-48b7-bb50-5d2ca3bf6410
Last Card Change
2023-02-15