Overview

overview

10

Static

static

3

804b8999e3...49.exe

windows7-x64

10

804b8999e3...49.exe

windows10-2004-x64

Analysis

  • max time kernel
    57s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2023 09:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    804b8999e3e6d9a7dc4d091387335049.exe

  • Size

    2.3MB

  • MD5

    804b8999e3e6d9a7dc4d091387335049

  • SHA1

    afaa02ac351e07f8816aaa7ee17e35294d9d343a

  • SHA256

    b3c167f4d9b549c00a67e8dcdfc537bc91995b805bb2dcabf3af0979e597dae9

  • SHA512

    4d55ca7744f63ad61afc18cea871a36ee7fe47a3051a77da23d8560e63e2e9bb5bbb15bb937470a0064ad41ebba9454660a256b018c705eb7260ece0bf386918

  • SSDEEP

    49152:bCpBKTd2Z2tZkQmMN3KKtDQiFjpt2HOO9J3vhsfLnB4:bC3KTd+tMN37tUiFjLEOOnvh8N4

Score
10/10
bitratpersistencetrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

mianoffice221.kozow.com:8899

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\804b8999e3e6d9a7dc4d091387335049.exe
    "C:\Users\Admin\AppData\Local\Temp\804b8999e3e6d9a7dc4d091387335049.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\_Oviadrszxpavhd.vbs"
      2⤵
        PID:2684
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath C:\,'C:\Users\Admin\AppData\Roaming\Luminar\LuminarSetup.exe'
          3⤵
            PID:2912
        • C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
          C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
          2⤵
            PID:320

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
          Filesize

          10KB

          MD5

          08bc01a0ee98743b4b9e270f0296af11

          SHA1

          a89b166f14cb6ca71e8ebcbfb5a96e81615f4d89

          SHA256

          901a7e65e28e230bc75fc1f9048c5db070a2bcf09fb5d882982998486f7c70b7

          SHA512

          4588950e1b9c781602084b442136a34f830950a5086bd48df8bcbba102ab7c976b76b2dff8999a486094aa5d58d502e8fcd55fa78a56d17d505cc181bd56ec12

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_Oviadrszxpavhd.vbs
          Filesize

          150B

          MD5

          72150d142e8c0f04acf3ffaf4ac31d5a

          SHA1

          49cd56fa5e534c8c06b1c29d32159bd7d45178e9

          SHA256

          8108e778017e5da4690e88ec75833fa34122321d3a41f356e01742c24139f6a6

          SHA512

          eba87752abc9f39b719c61f6d39e72a666c63108009a1dcb3f304ddf23f072a1bb950e108c2eac6f93c8dd3c9fe59e327dad417b2e0bc2e39eed717fca50de46

          Download Submit

        • \Users\Admin\AppData\Local\Temp\RegAsm.exe
          Filesize

          63KB

          MD5

          b58b926c3574d28d5b7fdd2ca3ec30d5

          SHA1

          d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

          SHA256

          6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

          SHA512

          b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

          Download Submit

        • memory/320-73-0x0000000000400000-0x00000000007CE000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/320-68-0x0000000000400000-0x00000000007CE000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/320-71-0x0000000000400000-0x00000000007CE000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/320-64-0x0000000000400000-0x00000000007CE000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/320-77-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/320-79-0x0000000000400000-0x00000000007CE000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/320-94-0x0000000000400000-0x00000000007CE000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/320-104-0x0000000000400000-0x00000000007CE000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/320-75-0x0000000000400000-0x00000000007CE000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/320-70-0x0000000000400000-0x00000000007CE000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/320-66-0x0000000000400000-0x00000000007CE000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/2080-47-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-29-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-39-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-37-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-35-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-33-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-31-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-19-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-41-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-43-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-11-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-45-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-0-0x00000000000A0000-0x00000000002EC000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/2080-49-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-51-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-52-0x0000000002070000-0x0000000002098000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2080-53-0x0000000074420000-0x0000000074B0E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2080-54-0x0000000000610000-0x0000000000650000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2080-27-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-21-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-23-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-25-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-13-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-88-0x0000000074420000-0x0000000074B0E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2080-1-0x0000000074420000-0x0000000074B0E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2080-2-0x0000000000610000-0x0000000000650000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2080-15-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-3-0x0000000008230000-0x0000000008434000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-4-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-17-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-5-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-9-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2080-7-0x0000000008230000-0x000000000842E000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2912-95-0x000000006F570000-0x000000006FB1B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2912-90-0x000000006F570000-0x000000006FB1B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2912-92-0x000000006F570000-0x000000006FB1B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2912-93-0x0000000002C40000-0x0000000002C80000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2912-91-0x0000000002C40000-0x0000000002C80000-memory.dmp

          Filesize

          256KB

          Download