Overview

overview

10

Static

static

1

ca5cb50618...1b.exe

windows7-x64

10

ca5cb50618...1b.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    71s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28-12-2023 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca5cb50618d8df2b8f67fb562d535a1b.exe

  • Size

    2.8MB

  • MD5

    ca5cb50618d8df2b8f67fb562d535a1b

  • SHA1

    e648d0dc065cd1d017f805dc29e5e26ee65c8273

  • SHA256

    cdfe884cee1ae053d17300dfe2ddc89e21371fe4fea96d1102069685a9e71f56

  • SHA512

    942467e68ae0f765d72377ef4698c56d9cc2b799894db85ecfe03bd77d0b5df8a3896623d12b6c0862ceb2e236c25d8a1962d4f07a2d7985af57a5f5b37e118c

  • SSDEEP

    49152:uE/UJ104hpI+JOK1DCSnpCsVhwie8rqk8T:DT

Score
10/10
bitratzgratrattrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

139.28.219.47:64576

Attributes
  • communication_password

    4a7d1ed414474e4033ac29ccb8653d9b

  • tor_process

    tor

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Detect ZGRat V1 34 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca5cb50618d8df2b8f67fb562d535a1b.exe
    "C:\Users\Admin\AppData\Local\Temp\ca5cb50618d8df2b8f67fb562d535a1b.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2264
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\_Bhvohqh.vbs"
      2⤵
        PID:2932
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath C:\,'C:\Users\Admin\AppData\Roaming\jusched.exe'
          3⤵
            PID:3008
        • C:\Users\Admin\AppData\Local\Temp\ca5cb50618d8df2b8f67fb562d535a1b.exe
          C:\Users\Admin\AppData\Local\Temp\ca5cb50618d8df2b8f67fb562d535a1b.exe
          2⤵
            PID:1616

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_Bhvohqh.vbs
          Filesize

          137B

          MD5

          54dbeebd94ab33ba092390548db30f03

          SHA1

          d08403310ce5c5f36439409d727a9ab74c9b7cdb

          SHA256

          cfa50535cc06ef74329b8b2b3610fcd8d6fe629ae0637b6ecdf3b05b55f723d7

          SHA512

          6b832b2303a0af4fd2e7cd962517d93df47ab6b3ba3b72c464e5d30698c54dbca343cff373649bce064265e0fc35bc10b78d0530f30a90fe382091e60d51b864

          Download Submit
        • memory/1616-2356-0x0000000000400000-0x00000000007CE000-memory.dmp
          Filesize

          3.8MB

          Download
        • memory/1616-2376-0x0000000000400000-0x00000000007CE000-memory.dmp
          Filesize

          3.8MB

          Download
        • memory/2264-0-0x0000000001380000-0x0000000001654000-memory.dmp
          Filesize

          2.8MB

          Download
        • memory/2264-1-0x0000000074B80000-0x000000007526E000-memory.dmp
          Filesize

          6.9MB

          Download
        • memory/2264-2-0x00000000051F0000-0x0000000005230000-memory.dmp
          Filesize

          256KB

          Download
        • memory/2264-3-0x0000000074B80000-0x000000007526E000-memory.dmp
          Filesize

          6.9MB

          Download
        • memory/2264-4-0x00000000051F0000-0x0000000005230000-memory.dmp
          Filesize

          256KB

          Download
        • memory/2264-5-0x00000000051F0000-0x0000000005230000-memory.dmp
          Filesize

          256KB

          Download
        • memory/2264-6-0x0000000005F90000-0x00000000061A2000-memory.dmp
          Filesize

          2.1MB

          Download
        • memory/2264-7-0x0000000000430000-0x00000000004AC000-memory.dmp
          Filesize

          496KB

          Download
        • memory/2264-25-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-39-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-53-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-51-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-59-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-71-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-69-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-67-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-65-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-63-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-61-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-57-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-55-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-49-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-47-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-45-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-43-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-41-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-37-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-35-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-33-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-31-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-29-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-27-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-23-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-21-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-19-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-17-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-15-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-13-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-11-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-9-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-8-0x0000000000430000-0x00000000004A5000-memory.dmp
          Filesize

          468KB

          Download
        • memory/2264-2338-0x00000000051F0000-0x0000000005230000-memory.dmp
          Filesize

          256KB

          Download
        • memory/2264-2357-0x0000000074B80000-0x000000007526E000-memory.dmp
          Filesize

          6.9MB

          Download
        • memory/3008-2360-0x0000000074C80000-0x000000007522B000-memory.dmp
          Filesize

          5.7MB

          Download
        • memory/3008-2363-0x0000000002760000-0x00000000027A0000-memory.dmp
          Filesize

          256KB

          Download
        • memory/3008-2362-0x0000000002760000-0x00000000027A0000-memory.dmp
          Filesize

          256KB

          Download
        • memory/3008-2364-0x0000000002760000-0x00000000027A0000-memory.dmp
          Filesize

          256KB

          Download
        • memory/3008-2361-0x0000000074C80000-0x000000007522B000-memory.dmp
          Filesize

          5.7MB

          Download
        • memory/3008-2365-0x0000000074C80000-0x000000007522B000-memory.dmp
          Filesize

          5.7MB

          Download