Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    124s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28-09-2022 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46.exe

  • Size

    4.4MB

  • MD5

    7c0096de5c0980d402291ce8d29de4a5

  • SHA1

    a7dc912b7d74e300a2a3985a9b910031bc86c31d

  • SHA256

    5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46

  • SHA512

    f4ca6efe60f745a61ab0e318e75c69d149b08ab9765ae2a8f7b2c2cfe7f43a5cac989cc150968df0da9732d2ce3eb7261f4b2a5ceb4678501d4069e22bd6f7f6

  • SSDEEP

    98304:1p/pzzUR6L0skzfu28Lm2QN3SJX7zojSHxWcfSAsJCTRmYrX:Pxfi6+DujLm2hJ78jSkTcTAYr

Score
10/10
bitrattrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

103.125.190.185:1234

Attributes
  • communication_password

    827ccb0eea8a706c4c34a16891f84e7b

  • tor_process

    tor

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46.exe
    "C:\Users\Admin\AppData\Local\Temp\5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Users\Admin\AppData\Local\Temp\5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46.exe
      "C:\Users\Admin\AppData\Local\Temp\5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46.exe"
      2⤵
        PID:2884
      • C:\Users\Admin\AppData\Local\Temp\5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46.exe
        "C:\Users\Admin\AppData\Local\Temp\5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46.exe"
        2⤵
          PID:5080
        • C:\Users\Admin\AppData\Local\Temp\5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46.exe
          "C:\Users\Admin\AppData\Local\Temp\5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46.exe"
          2⤵
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:4064

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2804-115-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-116-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-117-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-118-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-119-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-120-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-121-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-122-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-123-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-124-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-125-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-126-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-127-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-128-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-129-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-130-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-131-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-132-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-133-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-134-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-135-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-136-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-137-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-138-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-139-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-140-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-141-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-142-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-143-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-144-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-145-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-146-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-147-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-148-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-149-0x0000000000200000-0x0000000000678000-memory.dmp
        Filesize

        4.5MB

        Download
      • memory/2804-150-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-151-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-152-0x00000000054E0000-0x00000000059DE000-memory.dmp
        Filesize

        5.0MB

        Download
      • memory/2804-153-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-154-0x0000000004F10000-0x0000000004FA2000-memory.dmp
        Filesize

        584KB

        Download
      • memory/2804-155-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-156-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-157-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-158-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-159-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-160-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-161-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-162-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-163-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-164-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-165-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-166-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-167-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-168-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-169-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-170-0x0000000004EA0000-0x0000000004EAA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/2804-171-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-172-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-173-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-174-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-175-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-176-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-177-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-178-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-179-0x00000000053B0000-0x00000000053C4000-memory.dmp
        Filesize

        80KB

        Download
      • memory/2804-180-0x00000000054D0000-0x00000000054DC000-memory.dmp
        Filesize

        48KB

        Download
      • memory/2804-181-0x000000000A290000-0x000000000A6B0000-memory.dmp
        Filesize

        4.1MB

        Download
      • memory/2804-182-0x000000000A780000-0x000000000A81C000-memory.dmp
        Filesize

        624KB

        Download
      • memory/2804-183-0x000000000A820000-0x000000000A886000-memory.dmp
        Filesize

        408KB

        Download
      • memory/2804-184-0x000000000BEA0000-0x000000000C2AA000-memory.dmp
        Filesize

        4.0MB

        Download
      • memory/2804-185-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-189-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/4064-186-0x0000000000400000-0x00000000007CE000-memory.dmp
        Filesize

        3.8MB

        Download
      • memory/4064-187-0x000000000068A488-mapping.dmp
        Download
      • memory/4064-188-0x0000000076FE0000-0x000000007716E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/4064-221-0x0000000000400000-0x00000000007CE000-memory.dmp
        Filesize

        3.8MB

        Download
      • memory/4064-283-0x0000000073610000-0x000000007364A000-memory.dmp
        Filesize

        232KB

        Download
      • memory/4064-284-0x0000000073610000-0x000000007364A000-memory.dmp
        Filesize

        232KB

        Download
      • memory/4064-287-0x0000000000400000-0x00000000007CE000-memory.dmp
        Filesize

        3.8MB

        Download
      • memory/4064-304-0x0000000073610000-0x000000007364A000-memory.dmp
        Filesize

        232KB

        Download
      • memory/4064-305-0x0000000073610000-0x000000007364A000-memory.dmp
        Filesize

        232KB

        Download
      • memory/4064-306-0x0000000073610000-0x000000007364A000-memory.dmp
        Filesize

        232KB

        Download