Analysis
-
max time kernel
155s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
28-03-2023 01:58
General
-
Target
BitRAT/BitRAT.exe
-
Size
13.6MB
-
MD5
03c4dc0c56e0c14e49341b31fc68e69b
-
SHA1
9de6b2dfc76a99ce18a99f7092a71a00926b61ec
-
SHA256
633f7758cc5df2dfc398840dfcf0ee24d3e233135167c805e9dae843cda9b6da
-
SHA512
a3fcbd1ed7701a1049345cdcecf10b8689d5b80dec76bed156d48b9f3f8ad4e2b55c5f4a6f9512c2ed02f9ff1c992650520ed06045ab1081b5b3817ea9f717bc
-
SSDEEP
196608:scVMS3RPqqL3RkDRq60tmZSPGPAPfelOC1/Stltibf:DMXs6cPP2AeKt3i7
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 34 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\BitRAT\BitRAT.exe"C:\Users\Admin\AppData\Local\Temp\BitRAT\BitRAT.exe"1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\SkinSoft\VisualStyler\2.4.59444.6\x64\ssapihook.dllFilesize
67KB
MD54d9943a0adc1a3bd1472bdbab649a436
SHA1f0f36e014a71e21e629cabaa835f39a4e775e092
SHA25687dd71ac71bca50d9f1179215bbc4a25783c6a959def5c1850683eb41f6b0322
SHA51221766452cd53a2344c321b042984a08bcb46dac5e2b06dcd25f1a740e4018cb0f90d39b95414febd76d4c1447efc0dcae6dfa1ee176fdfab654a4efd2e705492
-
memory/3900-150-0x00007FF8F3300000-0x00007FF8F3301000-memory.dmpFilesize
4KB
-
memory/3900-141-0x00007FF8F2AF0000-0x00007FF8F2AF1000-memory.dmpFilesize
4KB
-
memory/3900-151-0x00007FF8F3320000-0x00007FF8F3321000-memory.dmpFilesize
4KB
-
memory/3900-140-0x00007FF8F3270000-0x00007FF8F3271000-memory.dmpFilesize
4KB
-
memory/3900-152-0x00007FF8F0370000-0x00007FF8F0371000-memory.dmpFilesize
4KB
-
memory/3900-142-0x00007FF8F3290000-0x00007FF8F3291000-memory.dmpFilesize
4KB
-
memory/3900-143-0x00007FF8F32A0000-0x00007FF8F32A1000-memory.dmpFilesize
4KB
-
memory/3900-144-0x00007FF8F3310000-0x00007FF8F3311000-memory.dmpFilesize
4KB
-
memory/3900-145-0x00007FF8F32B0000-0x00007FF8F32B1000-memory.dmpFilesize
4KB
-
memory/3900-146-0x00007FF8F32C0000-0x00007FF8F32C1000-memory.dmpFilesize
4KB
-
memory/3900-147-0x00007FF8F32E0000-0x00007FF8F32E1000-memory.dmpFilesize
4KB
-
memory/3900-153-0x00007FF8F03C0000-0x00007FF8F03C1000-memory.dmpFilesize
4KB
-
memory/3900-149-0x00007FF8F32D0000-0x00007FF8F32D1000-memory.dmpFilesize
4KB
-
memory/3900-133-0x000001B5D2210000-0x000001B5D2FA8000-memory.dmpFilesize
13.6MB
-
memory/3900-139-0x00007FF8F3280000-0x00007FF8F3281000-memory.dmpFilesize
4KB
-
memory/3900-134-0x000001B5EEC40000-0x000001B5EEC50000-memory.dmpFilesize
64KB
-
memory/3900-148-0x00007FF8F32F0000-0x00007FF8F32F1000-memory.dmpFilesize
4KB
-
memory/3900-154-0x00007FF8F0380000-0x00007FF8F0381000-memory.dmpFilesize
4KB
-
memory/3900-155-0x00007FF8F03D0000-0x00007FF8F03D1000-memory.dmpFilesize
4KB
-
memory/3900-156-0x000001B5EEC40000-0x000001B5EEC50000-memory.dmpFilesize
64KB
-
memory/3900-157-0x000001B5EEC40000-0x000001B5EEC50000-memory.dmpFilesize
64KB
-
memory/3900-158-0x000001B5D2210000-0x000001B5D2FA8000-memory.dmpFilesize
13.6MB
-
memory/3900-160-0x000001B5EEC40000-0x000001B5EEC50000-memory.dmpFilesize
64KB
-
memory/3900-161-0x000001B5EEC40000-0x000001B5EEC50000-memory.dmpFilesize
64KB
-
memory/3900-162-0x000001B5EEC40000-0x000001B5EEC50000-memory.dmpFilesize
64KB
-
memory/3900-163-0x000001B5EEC40000-0x000001B5EEC50000-memory.dmpFilesize
64KB
-
memory/3900-164-0x000001B5EEC40000-0x000001B5EEC50000-memory.dmpFilesize
64KB
-
memory/3900-165-0x000001B5EEC40000-0x000001B5EEC50000-memory.dmpFilesize
64KB
-
memory/3900-166-0x000001B5EEC40000-0x000001B5EEC50000-memory.dmpFilesize
64KB