bitrat | immi[.]bin | Triage

Sharing

General

Target

immi.bin
Size

7.8MB
MD5

49c5906689498f487597cc1cb84e3a35
SHA1

338c319eeb28554df9aad957dd7f2676afb7e04e
SHA256

ccac95c8b3ec87ba50e8eaed511e9f1691c8efdded4368d63ab0740283905791
SHA512

f97f72ea65123b64f049404f26094249b8fffcf118d803aaddef0393cde67f15a603eb4a468cfc6f48b5eac345d48da1c7a5cde086ec7993adafd44474747c03
SSDEEP

196608:oIRcbH4jSteTGvIxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfuIxwZ6v1CPwDv3uFteg2EeJUO9E

Score

10^/10

bitrat

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

xdjnibkfm366vswudhfwb5gaihqxkxvov7q6gv3fqcm3bw46b5rydsqd.onion:0

Attributes

communication_password
71d39b7aa9389d5c64a2440993bcfa3b
install_dir
Install path
install_file
Install name
tor_process
tor

Signatures

Bitrat family
bitrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

immi.bin

Files

immi.bin
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ