Overview

overview

10

Static

static

URLScan

urlscan

https://github.com/g...

windows10-2004-x64

10

Resubmissions

14-09-2022 16:32

220914-t2etmaagg9 10

14-09-2022 16:23

220914-tvwhsseeek 10

Analysis

  • max time kernel
    1795s
  • max time network
    1790s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-09-2022 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/genekolgav/kpk/

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bit100.accesscam.org:9090

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/genekolgav/kpk/
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4716
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4716 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1416
    • C:\Users\Admin\Downloads\ctb.exe
      "C:\Users\Admin\Downloads\ctb.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4916

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    75cdbc2adde8135b80f988bf64ad1ea2

    SHA1

    f172f412bfb135e19e90f02ea8e66cad617f73ba

    SHA256

    5cdbdadebf1c4b2fa8feb613d9a61ba0684f4380b6d0f9003f95d2c8b18417a7

    SHA512

    b06977d5f270fb52b72f37ad3c7ecd9c9d02316e1f8fefaef3c24dde41625a72807d5c1d090676dc29f5794c6cbe577b036eaf595507943a8be9ac794cb3de93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    0985b043fd0e0f78d576544de7cc2c5b

    SHA1

    1fcd637084f9574aae848eb00b3b5a284448bdbe

    SHA256

    670a1952737db42d00866a79f9f3c74769d9613949794780fffe88731f189962

    SHA512

    21508b4fead5881fd9cde279b4521a83763c8d4556bd17c82cd34ee94036e356e6256156a1f2b9bb0f04031e19e7f8fcef922baae27a3572f5deca4dad7f6294

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat
    Filesize

    1KB

    MD5

    c49f2a384b61df9c3d01a905c204c4b4

    SHA1

    7614711e4f58d7d1b50222982348b4c6c09173c6

    SHA256

    f23428856337d7f65343faa615744bf6b231d7bc098a3c1ee5fe0c05b8c3b34b

    SHA512

    0982536fd7e76490ffbcc35af9cf09fab226b4889a91533819fb980cdce155a6ee8718e108417778333c20602d108a7ad0d91b56fd0cc9a2357ad89beca09bab

    Download Submit

  • C:\Users\Admin\Downloads\ctb.exe
    Filesize

    1.4MB

    MD5

    4614702a90f570a0764605d800613545

    SHA1

    920c7eab63af0dde1410686a69100eeb0733aa03

    SHA256

    ca0e5c90261ae7ac2e46cd085ae31f1a1bfd7d7f030a6d33ba6a2cb280176ad1

    SHA512

    6e6077db88395f51fd2a434a742fa4da34fbcb0677f844510eab8008ff615008fe6a747c0e4a5f1754818eae11af47afa6cfeb1d334685eca485d4fb5dedbfc4

    Download Submit

  • C:\Users\Admin\Downloads\ctb.exe.6j86a2d.partial
    Filesize

    1.4MB

    MD5

    4614702a90f570a0764605d800613545

    SHA1

    920c7eab63af0dde1410686a69100eeb0733aa03

    SHA256

    ca0e5c90261ae7ac2e46cd085ae31f1a1bfd7d7f030a6d33ba6a2cb280176ad1

    SHA512

    6e6077db88395f51fd2a434a742fa4da34fbcb0677f844510eab8008ff615008fe6a747c0e4a5f1754818eae11af47afa6cfeb1d334685eca485d4fb5dedbfc4

    Download Submit

  • memory/4916-136-0x0000000000000000-mapping.dmp

    Download

  • memory/4916-138-0x0000000000400000-0x00000000007E4000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/4916-139-0x000000006F0B0000-0x000000006F0E9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-140-0x000000006EFE0000-0x000000006F019000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-141-0x0000000000400000-0x00000000007E4000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/4916-142-0x000000006F0B0000-0x000000006F0E9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-143-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-144-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-145-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-146-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-147-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-148-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-149-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-150-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-151-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-152-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-153-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-154-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-155-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-156-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-157-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-158-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-159-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-160-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-161-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-162-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-163-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-164-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-165-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-166-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-167-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-168-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-169-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-170-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-171-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-172-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-173-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-174-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-175-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-176-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-177-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-178-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-179-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-180-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-181-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-182-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-183-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-184-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-185-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-186-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-187-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-188-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-189-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-190-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-191-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-192-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-193-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-194-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-195-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-196-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-197-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-198-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-199-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-200-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4916-201-0x000000006EDE0000-0x000000006EE19000-memory.dmp

    Filesize

    228KB

    Download