Behavioral task: behavioral1
Sample: 1688-65-0x0000000000400000-0x00000000007CE000-memory.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 1688-65-0x0000000000400000-0x00000000007CE000-memory.exe
Resource: win10v2004-20220901-en
General
Target: 1688-65-0x0000000000400000-0x00000000007CE000-memory.dmp
Size: 3.8MB
MD5: 878aeadc4ef77b33c31e027e5654b581
SHA1: dc567773849e228f22573e154b09995c12c3d2ce
SHA256: 805c3cca5971657057ee78ee63fb040c3aa5f3f2018b37e0d694156ae1cf0ae4
SHA512: 8f5e2836dc1b09a948afbb34ed871fb664292ba8b5d80c6df06f97dc02ca889af1d5d1b71e2ae82a72a585860f9d5038f8cc5e95cf96577711f1076fa47d2b0a
SSDEEP: 98304:877Pmq33rE/JDLPWZADUGer7B6iY74M/AmlwXVZ:K+R/eZADUXR
Malware Config
Extracted
bitrat
1.38
103.125.190.185:1234
communication_password: 827ccb0eea8a706c4c34a16891f84e7b
tor_process: tor
Signatures
Bitrat family
Files
1688-65-0x0000000000400000-0x00000000007CE000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 687KB - Virtual size: 686KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 146KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ