bitrat | 8dd536083c6ed59bc8a88d3df2eef87142a69c48fb4e6594ac606aaafd5c7594

Analysis

max time kernel
146s
max time network
149s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
20-07-2023 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

megusz.exe
Size

1.4MB
MD5

358384b8f4f4ceb8035072ed72fa165d
SHA1

63c38135f9ac72fe1410c08327759ac8a14b2d42
SHA256

8dd536083c6ed59bc8a88d3df2eef87142a69c48fb4e6594ac606aaafd5c7594
SHA512

31f248f179c13ff5afc550d7fe650635782585f4b706231d3315b55e82546770b27128834efccae834f991306422e9fd03e6697f35b5ae377c1e377f4c9e4dd8
SSDEEP

24576:QndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkz1G3BU+:SXDFBU2iIBb0xY/6sUYYgo

Score

10^/10

bitrat trojan upx

Malware Config

Extracted

Family

bitrat

Version

1.38

208.67.104.96:1234

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2304-54-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-57-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-61-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-62-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-63-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-64-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-65-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-66-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-67-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-68-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-69-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-70-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-71-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-72-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral1/memory/2304-73-0x0000000000400000-0x00000000007E4000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

Processes:

megusz.exe

pid process

2304 megusz.exe
2304 megusz.exe
2304 megusz.exe
2304 megusz.exe
2304 megusz.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

megusz.exe

description pid process

Token: SeDebugPrivilege 2304 megusz.exe
Token: SeShutdownPrivilege 2304 megusz.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

megusz.exe

pid process

2304 megusz.exe
2304 megusz.exe

pid	process
2304	megusz.exe
2304	megusz.exe
2304	megusz.exe
2304	megusz.exe
2304	megusz.exe

description	pid	process
Token: SeDebugPrivilege	2304	megusz.exe
Token: SeShutdownPrivilege	2304	megusz.exe

pid	process
2304	megusz.exe
2304	megusz.exe

C:\Users\Admin\AppData\Local\Temp\megusz.exe
"C:\Users\Admin\AppData\Local\Temp\megusz.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2304-54-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-55-0x0000000000330000-0x000000000033A000-memory.dmp

Filesize
40KB

Download
memory/2304-56-0x0000000000330000-0x000000000033A000-memory.dmp

Filesize
40KB

Download
memory/2304-57-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-59-0x0000000000330000-0x000000000033A000-memory.dmp

Filesize
40KB

Download
memory/2304-60-0x0000000000330000-0x000000000033A000-memory.dmp

Filesize
40KB

Download
memory/2304-61-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-62-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-63-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-64-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-65-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-66-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-67-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-68-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-69-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-70-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-71-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-72-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/2304-73-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download