bitrat | 9ae0c25679713aaea8ec01e6ebae61fd8225dedade07f45e1fc162072ba8df99

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
05-09-2023 08:08

Target

1248-92-0x0000000000400000-0x00000000007E4000-memory.exe
Size

3.9MB
MD5

c4d9517b248f99b44821fb6d7e0c3722
SHA1

589ccb1e23fc1d09d66e7d8e7520c390cfba4f53
SHA256

9ae0c25679713aaea8ec01e6ebae61fd8225dedade07f45e1fc162072ba8df99
SHA512

a5ed0be6f5e28804f2ab5bd6b51ee3e6d5a8586dee05431ee099bae299e49a1ef0da0badc34f466a5d4942ffeef07d6080560eee5b4873afa63478fa036c0421
SSDEEP

49152:KCRB7xHqLoupIlPf9SXDFBU2iIBb0xY/6sUYYl:R7xHiQyXbFZCBv

Score

10^/10

bitrat trojan upx

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1676-0-0x0000000000400000-0x00000000007E4000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\1248-92-0x0000000000400000-0x00000000007E4000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1248-92-0x0000000000400000-0x00000000007E4000-memory.exe"
1⤵
PID:1676

memory/1676-0-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download