Static task: static1
Behavioral task: behavioral1
  Sample: 9f91c07f8efbac3839267d2780eeeab664ee90ff8c90b1ab838a0377e2713336.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 9f91c07f8efbac3839267d2780eeeab664ee90ff8c90b1ab838a0377e2713336.exe
  Resource: win10v2004-20220414-en
General
- Target: 9f91c07f8efbac3839267d2780eeeab664ee90ff8c90b1ab838a0377e2713336
- Size: 4.0MB
- MD5: 6dd0f788355bfc2a0056ff45ef0f911f
- SHA1: 0e5ebd5437c8e09ad5fc7a26ccc6035648e6c28d
- SHA256: 9f91c07f8efbac3839267d2780eeeab664ee90ff8c90b1ab838a0377e2713336
- SHA512: ac74b32121ae0f513b4cf75109243205243d093344bc55aa153dac2c82a48772eca1bb009fc09015d33691699ba81d2ad543906a08de8b474d057b112de7ae7f
- SSDEEP: 98304:nYt+l6MQ/lseTAtdcJwpIU3Bqkz8HpuehqQZkvrJUDZN4PjpDrc:ll6MMlsBtdRpIU3oo8HQMn4Pjtr
Malware Config
Signatures
- BitRAT Payload (1 IoCs)
  resource: sample, yara_rule: family_bitrat
- Bitrat family
Files
- 9f91c07f8efbac3839267d2780eeeab664ee90ff8c90b1ab838a0377e2713336.exe, windows x86, da10236af4d6b3e3833ba58b5cee4f93
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
PostQueuedCompletionStatus
FormatMessageW
GetLastError
TlsAlloc
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
TlsFree
FormatMessageA
GetCurrentProcess
GetSystemTimes
GetTickCount64
GetProcessTimes
SetWaitableTimer
TlsSetValue
SetLastError
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForSingleObject
GetModuleHandleA
CreateEventW
MultiByteToWideChar
SetEvent
TerminateThread
CloseHandle
QueueUserAPC
GetProcAddress
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
GetSystemTimeAsFileTime
CreateIoCompletionPort
CreateDirectoryW
ReadFile
SizeofResource
QueryDosDeviceW
GetVolumeInformationW
FindFirstFileW
WriteProcessMemory
FindFirstFileExW
SetPriorityClass
VirtualFree
GetFullPathNameW
FindNextFileW
lstrlenW
Wow64DisableWow64FsRedirection
GetSystemDefaultUILanguage
GetDiskFreeSpaceW
VirtualAlloc
TerminateProcess
GetModuleFileNameW
GetUserDefaultLocaleName
GetProcessId
K32GetModuleFileNameExW
GetProductInfo
Thread32Next
GetTempPathW
CreateMutexW
Thread32First
FindClose
GetLocaleInfoW
CreateFileW
GetFileAttributesW
GetVersionExW
K32GetProcessImageFileNameW
SuspendThread
GetSystemDirectoryW
ResumeThread
lstrcatA
OpenProcess
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
Sleep
Process32NextW
K32GetProcessMemoryInfo
CreateFileA
GetCurrentThread
LoadLibraryA
LockResource
GlobalAlloc
Process32FirstW
GlobalFree
GetNativeSystemInfo
GetSystemInfo
FindResourceExW
LoadResource
FindResourceW
GetThreadContext
GetPriorityClass
GlobalLock
VirtualAllocEx
MoveFileExW
GetFileSize
ExitProcess
ReadProcessMemory
GetComputerNameW
FindFirstStreamW
GetCurrentProcessId
GlobalMemoryStatusEx
CreateProcessW
WinExec
QueryFullProcessImageNameW
CreateProcessA
DebugBreak
SetThreadContext
FindNextStreamW
GetTickCount
GlobalUnlock
GetDriveTypeW
GetFileTime
OpenThread
GetExitCodeProcess
Beep
WriteFile
CreatePipe
PeekNamedPipe
GetStartupInfoA
SetThreadPriority
GetCurrentThreadId
lstrcpyA
CreateThread
CreateTimerQueueTimer
VirtualProtect
GetCommandLineW
DeviceIoControl
VirtualAllocExNuma
GetModuleHandleW
IsDebuggerPresent
CreateTimerQueue
VirtualQuery
FreeLibrary
LoadLibraryExA
EncodePointer
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetStringTypeW
GetCPInfo
CompareStringW
LCMapStringW
OutputDebugStringW
GetCurrentDirectoryW
DeleteFileW
RemoveDirectoryW
CreateDirectoryExW
GetFileSizeEx
GetFileType
GetModuleHandleExW
LoadLibraryW
GetStdHandle
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
CreateEventA
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RegisterWaitForSingleObject
LoadLibraryExW
GetThreadTimes
FreeLibraryAndExitThread
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
RtlUnwind
SetConsoleCtrlHandler
ExitThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
WriteConsoleW
SetEnvironmentVariableA
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
GetTimeZoneInformation
ReadConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
Sections
.text Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 631KB - Virtual size: 631KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 675KB - Virtual size: 700KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 116KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ