Overview

overview

7

Static

static

7

BitRAT/BitRAT.exe

windows7-x64

7

BitRAT/BitRAT.exe

windows10-2004-x64

7

BitRAT/BitRAT.exe.xml

windows7-x64

1

BitRAT/BitRAT.exe.xml

windows10-2004-x64

1

BitRAT/Manual.pdf

windows7-x64

1

BitRAT/Manual.pdf

windows10-2004-x64

1

BitRAT/dat...xe.png

windows7-x64

3

BitRAT/dat...xe.png

windows10-2004-x64

3

BitRAT/dat...nc.exe

windows7-x64

7

BitRAT/dat...nc.exe

windows10-2004-x64

7

BitRAT/dat..._1.dll

windows7-x64

1

BitRAT/dat..._1.dll

windows10-2004-x64

3

BitRAT/dat...-6.dll

windows7-x64

1

BitRAT/dat...-6.dll

windows10-2004-x64

1

BitRAT/dat...-6.dll

windows7-x64

1

BitRAT/dat...-6.dll

windows10-2004-x64

1

BitRAT/dat...-6.dll

windows7-x64

3

BitRAT/dat...-6.dll

windows10-2004-x64

3

BitRAT/dat...-1.dll

windows7-x64

3

BitRAT/dat...-1.dll

windows10-2004-x64

3

BitRAT/dat..._1.dll

windows7-x64

1

BitRAT/dat..._1.dll

windows10-2004-x64

1

BitRAT/dat...-0.dll

windows7-x64

3

BitRAT/dat...-0.dll

windows10-2004-x64

3

BitRAT/dat...-1.dll

windows7-x64

1

BitRAT/dat...-1.dll

windows10-2004-x64

1

BitRAT/dat...or.exe

windows7-x64

3

BitRAT/dat...or.exe

windows10-2004-x64

3

BitRAT/dat...b1.dll

windows7-x64

3

BitRAT/dat...b1.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    75s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    28-03-2023 01:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BitRAT/BitRAT.exe

  • Size

    13.6MB

  • MD5

    03c4dc0c56e0c14e49341b31fc68e69b

  • SHA1

    9de6b2dfc76a99ce18a99f7092a71a00926b61ec

  • SHA256

    633f7758cc5df2dfc398840dfcf0ee24d3e233135167c805e9dae843cda9b6da

  • SHA512

    a3fcbd1ed7701a1049345cdcecf10b8689d5b80dec76bed156d48b9f3f8ad4e2b55c5f4a6f9512c2ed02f9ff1c992650520ed06045ab1081b5b3817ea9f717bc

  • SSDEEP

    196608:scVMS3RPqqL3RkDRq60tmZSPGPAPfelOC1/Stltibf:DMXs6cPP2AeKt3i7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BitRAT\BitRAT.exe
    "C:\Users\Admin\AppData\Local\Temp\BitRAT\BitRAT.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\SkinSoft\VisualStyler\2.4.59444.6\x64\ssapihook.dll
    Filesize

    67KB

    MD5

    4d9943a0adc1a3bd1472bdbab649a436

    SHA1

    f0f36e014a71e21e629cabaa835f39a4e775e092

    SHA256

    87dd71ac71bca50d9f1179215bbc4a25783c6a959def5c1850683eb41f6b0322

    SHA512

    21766452cd53a2344c321b042984a08bcb46dac5e2b06dcd25f1a740e4018cb0f90d39b95414febd76d4c1447efc0dcae6dfa1ee176fdfab654a4efd2e705492

    Download Submit
  • memory/1704-75-0x000007FE7C100000-0x000007FE7C101000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-94-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-57-0x000000001C240000-0x000000001C34E000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1704-76-0x000007FE7C130000-0x000007FE7C131000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-62-0x00000000007D0000-0x00000000007D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-63-0x00000000007E0000-0x00000000007E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-64-0x00000000007F0000-0x00000000007F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-65-0x0000000000800000-0x0000000000801000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-66-0x0000000000810000-0x0000000000811000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-67-0x0000000000820000-0x0000000000821000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-68-0x0000000002B60000-0x0000000002B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-69-0x0000000002B70000-0x0000000002B71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-70-0x0000000002B80000-0x0000000002B81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-71-0x0000000002B90000-0x0000000002B91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-72-0x0000000002BA0000-0x0000000002BA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-73-0x0000000002BB0000-0x0000000002BB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-74-0x0000000002BC0000-0x0000000002BC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-54-0x0000000000830000-0x00000000015C8000-memory.dmp
    Filesize

    13.6MB

    Download
  • memory/1704-55-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-56-0x000000001C510000-0x000000001DB74000-memory.dmp
    Filesize

    22.4MB

    Download
  • memory/1704-79-0x0000000002C90000-0x0000000002D04000-memory.dmp
    Filesize

    464KB

    Download
  • memory/1704-77-0x000007FE7C110000-0x000007FE7C111000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-80-0x000000001E780000-0x000000001EBCE000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1704-81-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-82-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-83-0x0000000000830000-0x00000000015C8000-memory.dmp
    Filesize

    13.6MB

    Download
  • memory/1704-85-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-86-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-87-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-88-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-89-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-90-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-91-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-92-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1704-93-0x0000000021E70000-0x0000000022558000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1704-78-0x000007FE7C140000-0x000007FE7C141000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1704-96-0x000000001B470000-0x000000001B4F0000-memory.dmp
    Filesize

    512KB

    Download