Overview

overview

10

Static

static

10

4d71edf00f...9c.exe

windows7-x64

10

4d71edf00f...9c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-10-2022 22:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d71edf00f46afcb1cc2905ed2e73c9c.exe

  • Size

    3.8MB

  • MD5

    4d71edf00f46afcb1cc2905ed2e73c9c

  • SHA1

    e212ba0421ee7aad27866e928f2083b218b7a4ed

  • SHA256

    df594a9ae021e4d000115897adfdc46d58ce28c327eca0b974cd3e4f87776820

  • SHA512

    f91286a44bb046c99d73a52b9858ac736b967c45932445a16271d730efaeba86bcc439e1a24891a84472ce31c816084da3f884b37bc40cd03a1bd1ec40e99c01

  • SSDEEP

    98304:X77Pmq33rE/JDLPWZADUGer7B6iY74M/jmlwXVZ:f+R/eZADUXR

Score
10/10
bitrattrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

storage.nsupdate.info:8973

Attributes
  • communication_password

    bf771c9d082071fe80b18bb678220682

  • tor_process

    tor

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d71edf00f46afcb1cc2905ed2e73c9c.exe
    "C:\Users\Admin\AppData\Local\Temp\4d71edf00f46afcb1cc2905ed2e73c9c.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4820-132-0x0000000000400000-0x00000000007CE000-memory.dmp
    Filesize

    3.8MB

    Download
  • memory/4820-133-0x0000000074530000-0x0000000074569000-memory.dmp
    Filesize

    228KB

    Download
  • memory/4820-134-0x00000000748B0000-0x00000000748E9000-memory.dmp
    Filesize

    228KB

    Download
  • memory/4820-135-0x0000000074530000-0x0000000074569000-memory.dmp
    Filesize

    228KB

    Download
  • memory/4820-136-0x00000000748B0000-0x00000000748E9000-memory.dmp
    Filesize

    228KB

    Download