bitrat | 94fa2ee292d865aa1d8338f813c12477f353ede8d5254a69017e3b7955b74328 | Triage

Submit
Reports

Overview

overview

Static

static

AimBot CSGO.exe

windows7_x64

AimBot CSGO.exe

windows7_x64

AimBot CSGO.exe

windows7_x64

AimBot CSGO.exe

windows11_x64

AimBot CSGO.exe

windows10_x64

AimBot CSGO.exe

windows10_x64

AimBot CSGO.exe

windows10_x64

Sharing

General

Target

AimBot CSGO.exe
Size

715.3MB
Sample

211024-gakjksdbg9
MD5

591cee38361554eddcd1c340d567c99a
SHA1

d7845cd7d8b8f87f175897c20d4c87e2cd8dcc4b
SHA256

94fa2ee292d865aa1d8338f813c12477f353ede8d5254a69017e3b7955b74328
SHA512

4f3b8705b80b83a8d7cb76aeb2f063120885cfdd76c2096171abe6988552a81fe725f68048868dfb7a39e95631aedb98886d65e0d74351e72a2c26e3cea66eab

Score

10^/10

bitrat raccoon xmrig fa70ab2170931ba30ea54d8d4a578fc7e93b5f04 evasion macro miner persistence stealer trojan xlm

Static task

static1

Behavioral task

behavioral1

Sample

AimBot CSGO.exe

Resource

win7-ja-20210920

raccoon fa70ab2170931ba30ea54d8d4a578fc7e93b5f04 evasion stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AimBot CSGO.exe

Resource

win7-en-20210920

raccoon fa70ab2170931ba30ea54d8d4a578fc7e93b5f04 evasion stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

AimBot CSGO.exe

Resource

win7-de-20210920

raccoon fa70ab2170931ba30ea54d8d4a578fc7e93b5f04 stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

AimBot CSGO.exe

Resource

win11

bitrat raccoon fa70ab2170931ba30ea54d8d4a578fc7e93b5f04 persistence stealer trojan

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

AimBot CSGO.exe

Resource

win10-ja-20211014

raccoon xmrig fa70ab2170931ba30ea54d8d4a578fc7e93b5f04 evasion miner stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

AimBot CSGO.exe

Resource

win10-en-20211014

raccoon xmrig fa70ab2170931ba30ea54d8d4a578fc7e93b5f04 miner stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

AimBot CSGO.exe

Resource

win10-de-20210920

raccoon xmrig fa70ab2170931ba30ea54d8d4a578fc7e93b5f04 macro miner stealer xlm

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

rc4.plain

Extracted

Family

raccoon

Botnet

fa70ab2170931ba30ea54d8d4a578fc7e93b5f04

Attributes

url4cnc
http://telegka.top/vertu4iy
http://telegin.top/vertu4iy
https://t.me/vertu4iy

rc4.plain

rc4.plain

Targets

- Target
  
  AimBot CSGO.exe
- Size
  
  715.3MB
- MD5
  
  591cee38361554eddcd1c340d567c99a
- SHA1
  
  d7845cd7d8b8f87f175897c20d4c87e2cd8dcc4b
- SHA256
  
  94fa2ee292d865aa1d8338f813c12477f353ede8d5254a69017e3b7955b74328
- SHA512
  
  4f3b8705b80b83a8d7cb76aeb2f063120885cfdd76c2096171abe6988552a81fe725f68048868dfb7a39e95631aedb98886d65e0d74351e72a2c26e3cea66eab
Score

10^/10

raccoon fa70ab2170931ba30ea54d8d4a578fc7e93b5f04 evasion stealer bitrat persistence trojan xmrig miner macro xlm
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT Payload
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonfa70ab2170931ba30ea54d8d4a578fc7e93b5f04evasionstealer

behavioral2

raccoonfa70ab2170931ba30ea54d8d4a578fc7e93b5f04evasionstealer

behavioral3

raccoonfa70ab2170931ba30ea54d8d4a578fc7e93b5f04stealer

behavioral4

bitratraccoonfa70ab2170931ba30ea54d8d4a578fc7e93b5f04persistencestealertrojan

behavioral5

raccoonxmrigfa70ab2170931ba30ea54d8d4a578fc7e93b5f04evasionminerstealertrojan

behavioral6

raccoonxmrigfa70ab2170931ba30ea54d8d4a578fc7e93b5f04minerstealer

behavioral7

raccoonxmrigfa70ab2170931ba30ea54d8d4a578fc7e93b5f04macrominerstealerxlm

© 2018-2024

Terms | Privacy