Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
-
submitted
26-07-2022 15:23
General
-
Target
614d76652c2200e394b860c180e9b44f3bccf99f172bea1469db0b9379c99dc2.exe
-
Size
1.4MB
-
MD5
c0aec085c4a40d42297566227d175847
-
SHA1
109514c9f0e1738b359db8623e3208c40f9dfd95
-
SHA256
614d76652c2200e394b860c180e9b44f3bccf99f172bea1469db0b9379c99dc2
-
SHA512
b9a11d46e2c40a2e7fcb782f321446f39f4f210e4f15e9433661ed8d9ce61d5f996bbde0dd3739a0046bbd7f43d47e7170b83d4a6b115a0cb03c132b19ecc57e
Score
10/10
Malware Config
Extracted
Family
bitrat
Version
1.38
C2
bitm064.duckdns.org:7904
Attributes
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
tor
Signatures
-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\614d76652c2200e394b860c180e9b44f3bccf99f172bea1469db0b9379c99dc2.exe"C:\Users\Admin\AppData\Local\Temp\614d76652c2200e394b860c180e9b44f3bccf99f172bea1469db0b9379c99dc2.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1056-130-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/1056-131-0x0000000074E50000-0x0000000074E89000-memory.dmpFilesize
228KB
-
memory/1056-132-0x00000000751D0000-0x0000000075209000-memory.dmpFilesize
228KB
-
memory/1056-133-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/1056-134-0x0000000074E50000-0x0000000074E89000-memory.dmpFilesize
228KB
-
memory/1056-135-0x00000000751D0000-0x0000000075209000-memory.dmpFilesize
228KB