bitrat | 555628994979ebb5381854d7d51b8378d12905a5f99d8efaf07e93eb56720eea

Analysis

max time kernel
0s
max time network
139s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53745f92c92fa25185d37c1093968360.exe
Size

2.2MB
MD5

53745f92c92fa25185d37c1093968360
SHA1

28a7682119192de103b6ec18f523109251e33f61
SHA256

555628994979ebb5381854d7d51b8378d12905a5f99d8efaf07e93eb56720eea
SHA512

da33bfef625496b697850b42a8d516bccaadbea833570fcee117a595651b670ae60f3dbd758bc37a258db46739aa0c789e8b0e7a0b9370c68f66c7766a2bfd5a
SSDEEP

49152:YisAGUB6z+YmVa9Ehv9k2dPk2Vr/u0HM9vBiahGKwKPT6:mNUB6z+pVIWv9NdM2Vr2KMjFhP5T

Score

10^/10

bitrat trojan

Malware Config

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 3024	2040	53745f92c92fa25185d37c1093968360.exe	26
PID 2040 wrote to memory of 3024	2040	53745f92c92fa25185d37c1093968360.exe	26
PID 2040 wrote to memory of 3024	2040	53745f92c92fa25185d37c1093968360.exe	26
PID 2040 wrote to memory of 3024	2040	53745f92c92fa25185d37c1093968360.exe	26

C:\Users\Admin\AppData\Local\Temp\53745f92c92fa25185d37c1093968360.exe
"C:\Users\Admin\AppData\Local\Temp\53745f92c92fa25185d37c1093968360.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8, 8.8.4.4, time.google.com
  2⤵
  PID:3024
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8, 8.8.4.4, time.google.com
  2⤵
  PID:2504
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8, 8.8.4.4, time.google.com
  2⤵
  PID:2976
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8, 8.8.4.4, time.google.com
  2⤵
  PID:2192
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8, 8.8.4.4, time.google.com
  2⤵
  PID:2824
- C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
  C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
  2⤵
  PID:2628
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\_Mjhbgvlj.vbs"
  2⤵
  PID:1456

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath C:\,'C:\Users\Admin\AppData\Local\Adobe\FlashPlayer.exe'
1⤵
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RegAsm.exe

Filesize
27KB

MD5
560699f8ae8ba5d8210322f2aa3d68e9

SHA1
5752bbad7e925923c8b152b933d921e57e549b6b

SHA256
00f4b9e4529702175766c5ccd38ec737bf38b367268bd4ebdf7f9c66045eee0c

SHA512
bcfd5602d81b7a60163c7fcd3301ac2d85b8e8ca5f10f600c44dd1b792be8539bb9a05ed496fc930ee18a6439ceb5f4193fd3ad48f1a25cd23338b889900e1c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RegAsm.exe

Filesize
17KB

MD5
247592816a6cd7fdfa79729322b77f80

SHA1
5ecc2989061e655e7a791901d8cf5490205acb3c

SHA256
da21060f666639b64e674e32608c40d22a5d8bc849a17d45dac6eb47be44e513

SHA512
859232558c8c6daf2c922d9cb8ddc5bd443d3d502706eaf08a6d12694d6533c696cc39596ed187bc2c7c22d9fe90406201f1fa0d07b8cb1f432863f621956d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Mjhbgvlj.vbs

Filesize
145B

MD5
0e442b7c7f432b800d1aa3ac1bf9aeda

SHA1
4738a1f8c05564def091e6767b12c39a7d31fcfd

SHA256
2025a2c9a96307a19cd7dabbc9561581e502b59b11d6b94de6baa74b654d78bd

SHA512
c7dcadb84ebc5a8ee034d9b7287435e3f2d3b88f5d07d89abdfee84e6aacd7f1b0d0d6ba4a8cb362e5438b30c4c60da8dbb6e7586f3472e0ce6b682fc2ddaa37

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7VXTWDZIKWBUCD00ZBBZ.temp

Filesize
7KB

MD5
b7cd0589f2d07107a28cf8756cc519c1

SHA1
fe429cdcd3bd031715c0f9541a823020b575feb7

SHA256
4a0fd7d12332a215cadf5b51eac295a03525366124e3b7aff2effdbd16d3d9ca

SHA512
9bd2789c36cb107d516799f7fe01ceae98218e21951d92a7b880d3872e6e46d59a4ccc55b8f898ac3702ce659e94daefd7261d5429c55eb72e535f899774e193

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
1KB

MD5
1ec253da4a4a12d099226f6607583ec5

SHA1
402030020d2379d99fabdd3a7d4d0715752116e2

SHA256
d52dfe010f09f853ab54f66bd99a0fd406498190787539963e7153d4ef923d4e

SHA512
1b51418d79bc31d011532429da55b1d54bd302dbf71adef16eb249baae0e47d65fd5e961374cbf1d6eed763bf67e7ca23c52d1594a0db8f344ee5a44721c61bc

Download Submit
\Users\Admin\AppData\Local\Temp\RegAsm.exe

Filesize
44KB

MD5
b7b2a3757584a039cfe2d64e7cb0c204

SHA1
7f3287d90496200d71fdf8e69fb065539f33c7f2

SHA256
897ecf77f89c0b505bb251260761d7053730af37bc7e6c4d636d7e118cafacf7

SHA512
8c637f8d019beb9dcc0f0384ef161f4ee06cc206b3e3b2e43c6c3847828d5c863f77f9389877c6fbad8bb1ff28ae185f11397cf11f0063979c073c13eee07a5f

Download Submit
\Users\Admin\AppData\Local\Temp\RegAsm.exe

Filesize
2KB

MD5
3e3c0ef7a8b70ca292c4c614896e833f

SHA1
4f6016ec82068254e209daab7abf686dc81878c9

SHA256
ef9f510b96f336be25780b36a39995a06d599e1ce4b544a4c9e6460ac2c52cf5

SHA512
b293640fa9dd943b25e3e4cbc4999e2f9e8b9b26cf57052af63e39a5d24e8f56a255f176b591828e7ab4fc195203a89b3c29ebbe9cc179d166432a24dfef059a

Download Submit
memory/2040-76-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-70-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-0-0x00000000011D0000-0x0000000001408000-memory.dmp

Filesize
2.2MB

Download
memory/2040-195-0x0000000074E00000-0x00000000754EE000-memory.dmp

Filesize
6.9MB

Download
memory/2040-2-0x0000000005000000-0x0000000005040000-memory.dmp

Filesize
256KB

Download
memory/2040-151-0x00000000006E0000-0x000000000070C000-memory.dmp

Filesize
176KB

Download
memory/2040-57-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-58-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-20-0x0000000074E00000-0x00000000754EE000-memory.dmp

Filesize
6.9MB

Download
memory/2040-60-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-62-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-66-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-68-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-74-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-1-0x0000000074E00000-0x00000000754EE000-memory.dmp

Filesize
6.9MB

Download
memory/2040-80-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-32-0x0000000005000000-0x0000000005040000-memory.dmp

Filesize
256KB

Download
memory/2040-82-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-114-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-88-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-90-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-94-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-96-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-98-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-102-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-104-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-106-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-110-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-64-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-56-0x0000000008C10000-0x0000000008E10000-memory.dmp

Filesize
2.0MB

Download
memory/2040-112-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-72-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-78-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-86-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-92-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-100-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-108-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-116-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-120-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-118-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2040-84-0x0000000008C10000-0x0000000008E0A000-memory.dmp

Filesize
2.0MB

Download
memory/2192-157-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2192-41-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2192-40-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2192-42-0x0000000002AD0000-0x0000000002B10000-memory.dmp

Filesize
256KB

Download
memory/2192-43-0x0000000002AD0000-0x0000000002B10000-memory.dmp

Filesize
256KB

Download
memory/2504-19-0x0000000002B40000-0x0000000002B80000-memory.dmp

Filesize
256KB

Download
memory/2504-18-0x0000000002B40000-0x0000000002B80000-memory.dmp

Filesize
256KB

Download
memory/2504-16-0x0000000002B40000-0x0000000002B80000-memory.dmp

Filesize
256KB

Download
memory/2504-15-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2504-44-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2504-17-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2628-198-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/2628-207-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/2824-51-0x0000000002B90000-0x0000000002BD0000-memory.dmp

Filesize
256KB

Download
memory/2824-52-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2824-50-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2824-54-0x0000000002B90000-0x0000000002BD0000-memory.dmp

Filesize
256KB

Download
memory/2824-53-0x0000000002B90000-0x0000000002BD0000-memory.dmp

Filesize
256KB

Download
memory/2824-158-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2936-197-0x000000006FAC0000-0x000000007006B000-memory.dmp

Filesize
5.7MB

Download
memory/2936-175-0x000000006FAC0000-0x000000007006B000-memory.dmp

Filesize
5.7MB

Download
memory/2936-179-0x0000000002A50000-0x0000000002A90000-memory.dmp

Filesize
256KB

Download
memory/2936-177-0x000000006FAC0000-0x000000007006B000-memory.dmp

Filesize
5.7MB

Download
memory/2976-152-0x00000000029B0000-0x00000000029F0000-memory.dmp

Filesize
256KB

Download
memory/2976-55-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2976-29-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2976-28-0x00000000029B0000-0x00000000029F0000-memory.dmp

Filesize
256KB

Download
memory/2976-156-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2976-30-0x00000000029B0000-0x00000000029F0000-memory.dmp

Filesize
256KB

Download
memory/2976-31-0x00000000029B0000-0x00000000029F0000-memory.dmp

Filesize
256KB

Download
memory/2976-154-0x00000000029B0000-0x00000000029F0000-memory.dmp

Filesize
256KB

Download
memory/2976-155-0x00000000029B0000-0x00000000029F0000-memory.dmp

Filesize
256KB

Download
memory/2976-153-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/2976-27-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-33-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-8-0x0000000002760000-0x00000000027A0000-memory.dmp

Filesize
256KB

Download
memory/3024-26-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-9-0x0000000002760000-0x00000000027A0000-memory.dmp

Filesize
256KB

Download
memory/3024-34-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-7-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-6-0x0000000002760000-0x00000000027A0000-memory.dmp

Filesize
256KB

Download
memory/3024-5-0x0000000070050000-0x00000000705FB000-memory.dmp

Filesize
5.7MB

Download