Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
15-12-2022 13:00
General
-
Target
8ac53eb721a6ae815a870b81dad63a155c6518e20a84735550ed1f83dd380eb7.exe
-
Size
3.8MB
-
MD5
221e0fa159b0892c04254280d9a46674
-
SHA1
fbe9558c1bf14a8ec59b918084de51d6f7d9037b
-
SHA256
8ac53eb721a6ae815a870b81dad63a155c6518e20a84735550ed1f83dd380eb7
-
SHA512
084f35c331ec3c5a19dde1e5531b82206f2b5c2b0b3d315e72fca824890a4480141448c2fd22f65a00ffcb9de64103fe9e95282906154f6d24857be64a8ef8f9
-
SSDEEP
98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/UmlwXVZ4FB:5+R/eZADUXR
Score
10/10
Malware Config
Extracted
Family
bitrat
Version
1.38
C2
wwww.ddnsgeek.com:59599
Attributes
-
communication_password
32c93a52f919c37c05b22825e5a57a4a
-
tor_process
tor
Signatures
-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8ac53eb721a6ae815a870b81dad63a155c6518e20a84735550ed1f83dd380eb7.exe"C:\Users\Admin\AppData\Local\Temp\8ac53eb721a6ae815a870b81dad63a155c6518e20a84735550ed1f83dd380eb7.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.8MB
-
Filesize
8KB