Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
16-06-2022 03:12
General
-
Target
June RFQ - Finished Products List & Selection.exe
-
Size
1.7MB
-
MD5
db2b4147cb7d7bd810f7b8b2c7f04b3c
-
SHA1
ba7280b3e57c30e84043d69a15a2b41e66f7f8bb
-
SHA256
b1ea8507fb9fce713b396b966cbe353e767bea754198c6c1c6d32f33a1919611
-
SHA512
fe810165022a1d3e7ae9a7edb079ac3dbe4b40cb06302ff90b37eab0dd6dd1e27bdec20a6b4a549010f0cdc96525a03b6dc14186bfd029d9d81c4afbfd348501
Score
10/10
Malware Config
Extracted
Family
bitrat
Version
1.38
C2
bilt.shipnotifica.com:3988
Attributes
-
communication_password
2591605625515675ce1c298f970d39b2
-
install_dir
msfixrs
-
install_file
msfixr.exe
-
tor_process
tor
Signatures
-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: RenamesItself 25 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\June RFQ - Finished Products List & Selection.exe"C:\Users\Admin\AppData\Local\Temp\June RFQ - Finished Products List & Selection.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\June RFQ - Finished Products List & Selection.exe"C:\Users\Admin\AppData\Local\Temp\June RFQ - Finished Products List & Selection.exe"2⤵
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1500-62-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/1500-64-0x0000000074DD1000-0x0000000074DD3000-memory.dmpFilesize
8KB
-
memory/1500-56-0x00000000007E2740-mapping.dmp
-
memory/1500-57-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/1500-69-0x0000000000250000-0x000000000025A000-memory.dmpFilesize
40KB
-
memory/1500-68-0x0000000000250000-0x000000000025A000-memory.dmpFilesize
40KB
-
memory/1500-55-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/1500-61-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/1500-58-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/1500-63-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/1500-67-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/1500-65-0x0000000000250000-0x000000000025A000-memory.dmpFilesize
40KB
-
memory/1500-66-0x0000000000250000-0x000000000025A000-memory.dmpFilesize
40KB
-
memory/1936-60-0x0000000002A10000-0x0000000002B83000-memory.dmpFilesize
1.4MB
-
memory/1936-59-0x0000000002890000-0x0000000002A03000-memory.dmpFilesize
1.4MB
-
memory/1936-54-0x0000000002890000-0x0000000002A03000-memory.dmpFilesize
1.4MB