General

  • Target

    1680-92-0x0000000000400000-0x000000000224E000-memory.dmp

  • Size

    30.3MB

  • MD5

    5657752c3231827c4df436a3a7b50087

  • SHA1

    04e9f42a293f65718b232e070318b5778d9dd950

  • SHA256

    22b76b14387cdccca45cae5a8f0005fe697366b67c4220cf717f844c03d061f5

  • SHA512

    781031069beb8070da980a0dae8dac6c9226c82a41a98f9a3628ebe0871ef480f6ed2fe37a7c53445ba806a8504aacb49cc20186715cd71a8e04c1fd5d5ce9d4

  • SSDEEP

    786432:lMleAVsCzn+4Ws9oKhiTJMGVTp39//7RJFFVqzfDJg3:F0xyrKhiSGztbRVVqz7Jg3

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

elensias.duckdns.org:0

Attributes
  • communication_password

    56c82ccd658e09e829f16bb99457bcbc

  • install_dir

    gnugnu

  • install_file

    chorme.exe

  • tor_process

    tori

Signatures

  • Bitrat family
  • VMProtect packed file (1 IoC)

    Detects executables packed with VMProtect commercial packer.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1680-92-0x0000000000400000-0x000000000224E000-memory.dmp
    .exe windows x86
