bitrat | 2328-72-0x0000000000D30000-0x00000000010FE000-memory[.]dmp | Triage

Sharing

General

Target

2328-72-0x0000000000D30000-0x00000000010FE000-memory.dmp
Size

3.8MB
MD5

fae801edc0f42a4db420ebdfa53752ae
SHA1

2db5f65ebc92e6c6496079e5d5017b4b92401325
SHA256

dfe1804b7bb427c8c013778cd7d4205648bd6b7836f0c2561fbfcc221c33e677
SHA512

715592091df8651302a8f7760793d7c84c099b869e2264be1642637c5516c6ec5800d9437c724d11c6ba1930b0c58935ba74ef87369ebc0cf39a68e3f80d4ec7
SSDEEP

98304:bn6V0r36Z19N0Hjv0e6GyiQ4LSpp0VBf6FB:aPbw70e6vcf

Score

10^/10

bitrat

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.225.75.68:3569

Attributes

communication_password
0edcbe7d888380c49e7d1dcf67b6ea6e
tor_process
tor

Signatures

Bitrat family
bitrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2328-72-0x0000000000D30000-0x00000000010FE000-memory.dmp

Files

2328-72-0x0000000000D30000-0x00000000010FE000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ