Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
06-07-2022 01:36
General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
-
Size
2.1MB
-
MD5
1ac96e37aa2943e23cbeec35fc69036a
-
SHA1
5ea307c51a3448e2530d9c1879bb62e7ce565260
-
SHA256
17c4e9bf1981229f104d4a129063f9e41275f092724ccf5c1963999ece12c895
-
SHA512
684e5c2964333b9a711c8835079634ef716a9515829572abbef37b4491ce9c362779f84a9b966b4eae5482e4706c90d147df56006b1663a79ce5d8aa875d5e00
Score
10/10
Malware Config
Extracted
Family
bitrat
Version
1.38
C2
godfavor.duckdns.org:2349
Attributes
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
tor
Signatures
-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"2⤵
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"2⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2148-130-0x0000000000D20000-0x0000000000F42000-memory.dmpFilesize
2.1MB
-
memory/2148-131-0x0000000005F80000-0x0000000006524000-memory.dmpFilesize
5.6MB
-
memory/2148-132-0x0000000005910000-0x00000000059A2000-memory.dmpFilesize
584KB
-
memory/2148-133-0x00000000058E0000-0x00000000058EA000-memory.dmpFilesize
40KB
-
memory/2148-134-0x0000000008190000-0x000000000822C000-memory.dmpFilesize
624KB
-
memory/2148-135-0x0000000001640000-0x00000000016A6000-memory.dmpFilesize
408KB
-
memory/2568-136-0x0000000000000000-mapping.dmp
-
memory/4300-137-0x0000000000000000-mapping.dmp
-
memory/4300-138-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/4300-139-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/4300-140-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/4300-141-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/4300-142-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/4300-143-0x00000000751F0000-0x0000000075229000-memory.dmpFilesize
228KB
-
memory/4300-144-0x0000000075570000-0x00000000755A9000-memory.dmpFilesize
228KB
-
memory/4300-145-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/4300-146-0x0000000075570000-0x00000000755A9000-memory.dmpFilesize
228KB
-
memory/4300-147-0x0000000075570000-0x00000000755A9000-memory.dmpFilesize
228KB
-
memory/4300-148-0x00000000751F0000-0x0000000075229000-memory.dmpFilesize
228KB
-
memory/4300-149-0x0000000075570000-0x00000000755A9000-memory.dmpFilesize
228KB