bb49e8609de534fee476cdc8a0db81248e169f023a2ac7d7e8fae21127a03660 | Triage

Submit
Reports

Overview

overview

Static

static

BitRat Cracked.exe

windows10-2004-x64

BitShitBuilder.exe

windows10-2004-x64

7

data/modules/hvnc.exe

windows10-2004-x64

1

data/tor/tor.exe

windows10-2004-x64

3

Analysis

max time kernel
30s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2023 11:42

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

BitRat Cracked.exe

Resource

win10v2004-20221111-en

quasar venomrat office04 evasion rat rootkit spyware stealer trojan

windows10-2004-x64

19 signatures

30 seconds

Behavioral task

behavioral2

Sample

BitShitBuilder.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

30 seconds

Behavioral task

behavioral3

Sample

data/modules/hvnc.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

30 seconds

Behavioral task

behavioral4

Sample

data/tor/tor.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

30 seconds

Report Analysis Logs

General

Target

data/tor/tor.exe
Size

3.9MB
MD5

52faae579cc30d277fddf60ea4b89e2c
SHA1

f2010f4451c7aac3c767a5743370d9252bbbfd7c
SHA256

c4ee142394bf7a53e43ca86ab3c03e3712d85c15941588fc4e6e8f5c7a88c654
SHA512

3baec48c1718f2252ce788b3832d3adf145f93c3a9e6e6aeabde6d5d5d52bde32c450c46b1385961bf201c30f60570319897f614428414534867af6bf93f16a4
SSDEEP

98304:CzZ42i53gAUP71HtcjRkVfQIjiEsgYY9l7:KOaA0HtcjKVfQIb

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Users\Admin\AppData\Local\Temp\data\tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\data\tor\tor.exe"
1⤵
PID:4660

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4660-132-0x00000000752A0000-0x00000000752C0000-memory.dmp

Filesize
128KB

Download
memory/4660-133-0x0000000075190000-0x000000007524F000-memory.dmp

Filesize
764KB

Download
memory/4660-134-0x0000000000700000-0x0000000000AF1000-memory.dmp

Filesize
3.9MB

Download
memory/4660-135-0x00000000752A0000-0x00000000752C0000-memory.dmp

Filesize
128KB

Download
memory/4660-136-0x0000000075190000-0x000000007524F000-memory.dmp

Filesize
764KB

Download
memory/4660-137-0x0000000074C30000-0x0000000074ED3000-memory.dmp

Filesize
2.6MB

Download
memory/4660-138-0x0000000074EE0000-0x0000000074FA3000-memory.dmp

Filesize
780KB

Download
memory/4660-139-0x0000000000700000-0x0000000000AF1000-memory.dmp

Filesize
3.9MB

Download
memory/4660-140-0x0000000000700000-0x0000000000AF1000-memory.dmp

Filesize
3.9MB

Download

© 2018-2024

Terms | Privacy