bitrat | 10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8

General

Target

10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe
Size

10.0MB
MD5

e872b597a98c83ad62c74877a03f35f8
SHA1

1761f0e80f0040a479551fc89885b43c2ded2131
SHA256

10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8
SHA512

2a6ea5dfc324d2e370e1b0baf13e99ccf48c35770549670a03a6a68d9964db4302304f686b6186832176982331c01679cf66155d9b3205cdd2bcd2303d6ad666
SSDEEP

98304:fRIevuEMjmkDQP2qxKahmUBFpHZDTk2e2RT16/UvYYn:fDuJjmkDQP20KamUVZHky2IY

Score

10^/10

bitrat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bit747.duckdns.org:1010

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat
Executes dropped EXE 2 IoCs

Processes:

svchost.exesvchost.exe

pid process

1792 svchost.exe
1236 svchost.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs

Processes:

RegAsm.exeRegAsm.exeRegAsm.exe

pid process

1180 RegAsm.exe
1180 RegAsm.exe
1180 RegAsm.exe
1180 RegAsm.exe
108 RegAsm.exe
564 RegAsm.exe

pid	process
1792	svchost.exe
1236	svchost.exe

pid	process
1180	RegAsm.exe
1180	RegAsm.exe
1180	RegAsm.exe
1180	RegAsm.exe
108	RegAsm.exe
564	RegAsm.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exesvchost.exesvchost.exe

description	pid	process	target process
PID 1324 set thread context of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1792 set thread context of 108	1792	svchost.exe	RegAsm.exe
PID 1236 set thread context of 564	1236	svchost.exe	RegAsm.exe

Creates scheduled task(s) 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exeschtasks.exeschtasks.exe

pid process

672 schtasks.exe
924 schtasks.exe
1536 schtasks.exe

pid	process
672	schtasks.exe
924	schtasks.exe
1536	schtasks.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

RegAsm.exeRegAsm.exeRegAsm.exe

description	pid	process
Token: SeDebugPrivilege	1180	RegAsm.exe
Token: SeShutdownPrivilege	1180	RegAsm.exe
Token: SeDebugPrivilege	108	RegAsm.exe
Token: SeShutdownPrivilege	108	RegAsm.exe
Token: SeDebugPrivilege	564	RegAsm.exe
Token: SeShutdownPrivilege	564	RegAsm.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

RegAsm.exe

pid process

1180 RegAsm.exe
1180 RegAsm.exe

pid	process
1180	RegAsm.exe
1180	RegAsm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.execmd.exetaskeng.exesvchost.exe

description	pid	process	target process
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1180	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	RegAsm.exe
PID 1324 wrote to memory of 1512	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 1512	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 1512	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 1512	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 1228	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 1228	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 1228	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 1228	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 736	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 736	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 736	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1324 wrote to memory of 736	1324	10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe	cmd.exe
PID 1228 wrote to memory of 672	1228	cmd.exe	schtasks.exe
PID 1228 wrote to memory of 672	1228	cmd.exe	schtasks.exe
PID 1228 wrote to memory of 672	1228	cmd.exe	schtasks.exe
PID 1228 wrote to memory of 672	1228	cmd.exe	schtasks.exe
PID 904 wrote to memory of 1792	904	taskeng.exe	svchost.exe
PID 904 wrote to memory of 1792	904	taskeng.exe	svchost.exe
PID 904 wrote to memory of 1792	904	taskeng.exe	svchost.exe
PID 904 wrote to memory of 1792	904	taskeng.exe	svchost.exe
PID 904 wrote to memory of 1792	904	taskeng.exe	svchost.exe
PID 904 wrote to memory of 1792	904	taskeng.exe	svchost.exe
PID 904 wrote to memory of 1792	904	taskeng.exe	svchost.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 108	1792	svchost.exe	RegAsm.exe
PID 1792 wrote to memory of 1652	1792	svchost.exe	cmd.exe
PID 1792 wrote to memory of 1652	1792	svchost.exe	cmd.exe
PID 1792 wrote to memory of 1652	1792	svchost.exe	cmd.exe
PID 1792 wrote to memory of 1652	1792	svchost.exe	cmd.exe
PID 1792 wrote to memory of 1828	1792	svchost.exe	cmd.exe
PID 1792 wrote to memory of 1828	1792	svchost.exe	cmd.exe
PID 1792 wrote to memory of 1828	1792	svchost.exe	cmd.exe
PID 1792 wrote to memory of 1828	1792	svchost.exe	cmd.exe
PID 1792 wrote to memory of 1976	1792	svchost.exe	cmd.exe
PID 1792 wrote to memory of 1976	1792	svchost.exe	cmd.exe
PID 1792 wrote to memory of 1976	1792	svchost.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe
"C:\Users\Admin\AppData\Local\Temp\10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1324

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1180

C:\Windows\SysWOW64\cmd.exe
"cmd" /c mkdir "C:\Users\Admin\AppData\Roaming\svchost"
2⤵
PID:1512

C:\Windows\SysWOW64\cmd.exe
"cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
2⤵
- Suspicious use of WriteProcessMemory
PID:1228

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
3⤵
- Creates scheduled task(s)
PID:672

C:\Windows\SysWOW64\cmd.exe
"cmd" /c copy "C:\Users\Admin\AppData\Local\Temp\10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8.exe" "C:\Users\Admin\AppData\Roaming\svchost\svchost.exe"
2⤵
PID:736

C:\Windows\system32\taskeng.exe
taskeng.exe {A3F54BBD-DDBF-40F1-AB0C-69B7BBDFF55A} S-1-5-21-3948302646-268491222-1934009652-1000:KXZDHPUW\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:904

C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:108

C:\Windows\SysWOW64\cmd.exe
"cmd" /c mkdir "C:\Users\Admin\AppData\Roaming\svchost"
3⤵
PID:1652

C:\Windows\SysWOW64\cmd.exe
"cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
3⤵
PID:1828

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
4⤵
- Creates scheduled task(s)
PID:924

C:\Windows\SysWOW64\cmd.exe
"cmd" /c copy "C:\Users\Admin\AppData\Roaming\svchost\svchost.exe" "C:\Users\Admin\AppData\Roaming\svchost\svchost.exe"
3⤵
PID:1976

C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:564

C:\Windows\SysWOW64\cmd.exe
"cmd" /c mkdir "C:\Users\Admin\AppData\Roaming\svchost"
3⤵
PID:324

C:\Windows\SysWOW64\cmd.exe
"cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
3⤵
PID:584

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\svchost\svchost.exe'" /f
4⤵
- Creates scheduled task(s)
PID:1536

C:\Windows\SysWOW64\cmd.exe
"cmd" /c copy "C:\Users\Admin\AppData\Roaming\svchost\svchost.exe" "C:\Users\Admin\AppData\Roaming\svchost\svchost.exe"
3⤵
PID:1256

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
Filesize
10.0MB

MD5
e872b597a98c83ad62c74877a03f35f8

SHA1
1761f0e80f0040a479551fc89885b43c2ded2131

SHA256
10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8

SHA512
2a6ea5dfc324d2e370e1b0baf13e99ccf48c35770549670a03a6a68d9964db4302304f686b6186832176982331c01679cf66155d9b3205cdd2bcd2303d6ad666

Download Submit
C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
Filesize
10.0MB

MD5
e872b597a98c83ad62c74877a03f35f8

SHA1
1761f0e80f0040a479551fc89885b43c2ded2131

SHA256
10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8

SHA512
2a6ea5dfc324d2e370e1b0baf13e99ccf48c35770549670a03a6a68d9964db4302304f686b6186832176982331c01679cf66155d9b3205cdd2bcd2303d6ad666

Download Submit
C:\Users\Admin\AppData\Roaming\svchost\svchost.exe
Filesize
10.0MB

MD5
e872b597a98c83ad62c74877a03f35f8

SHA1
1761f0e80f0040a479551fc89885b43c2ded2131

SHA256
10d3822ac14a988d3fb6b5106e82b4727aa714eaa054fa4d54b0fbf96d6953e8

SHA512
2a6ea5dfc324d2e370e1b0baf13e99ccf48c35770549670a03a6a68d9964db4302304f686b6186832176982331c01679cf66155d9b3205cdd2bcd2303d6ad666

Download Submit
memory/108-104-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/108-102-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/108-97-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/564-132-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/564-130-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/564-125-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1180-82-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-107-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-66-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-68-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-71-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-72-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-73-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-74-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-75-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-76-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-77-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-78-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-79-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-80-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-81-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-134-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-83-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-63-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1180-62-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-133-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-56-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-88-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-89-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-61-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-60-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-59-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-105-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-106-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-64-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-108-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-58-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-57-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-113-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1180-112-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1236-111-0x0000000000BE0000-0x0000000000C20000-memory.dmp

Filesize
256KB

Download
memory/1236-110-0x00000000012C0000-0x00000000016B4000-memory.dmp

Filesize
4.0MB

Download
memory/1324-55-0x0000000002460000-0x00000000024A0000-memory.dmp

Filesize
256KB

Download
memory/1324-54-0x0000000000B80000-0x0000000000F74000-memory.dmp

Filesize
4.0MB

Download
memory/1792-87-0x0000000000520000-0x0000000000560000-memory.dmp

Filesize
256KB

Download
memory/1792-86-0x00000000012C0000-0x00000000016B4000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads