Overview

overview

10

Static

static

3

07756f43e7...f6.exe

windows7-x64

10

07756f43e7...f6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    4s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-12-2023 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07756f43e7e8a0f53e79c210ddb2a0f6.exe

  • Size

    3.7MB

  • MD5

    07756f43e7e8a0f53e79c210ddb2a0f6

  • SHA1

    c38c5d947fd9ecc9a326756307b3c1449dff00b7

  • SHA256

    2a0152a3160b530e6fb4b5427b10e610bb2d3b375b38d9a1437d3ead6ff4b92d

  • SHA512

    e37089aa356af57c698ae86a7d1aaf1417ebc6d055cc448ccde1148d4f01361c529559595080d9e207b29b9f4b503b4359981da34ec0d1ecded0c916c16170d6

  • SSDEEP

    98304:n372j4yiDFuXOvWn5ZTda/lt0Jj0pyC2sGiupo7Jusew:niKHvWn5JdYT090svzo7Jug

Score
10/10
bitratblisterloadertrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

139.28.219.45:443

Attributes
  • communication_password

    a76d949640a165da25ccfe9a8fd82c8a

  • tor_process

    tor

Signatures

  • BLISTER

    BLISTER is a downloader used to deliver other malware families.

    loaderblister
  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Detect Blister loader x32 2 IoCs
    loader
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer

Processes

  • C:\Users\Admin\AppData\Local\Temp\07756f43e7e8a0f53e79c210ddb2a0f6.exe
    "C:\Users\Admin\AppData\Local\Temp\07756f43e7e8a0f53e79c210ddb2a0f6.exe"
    1⤵
    • Loads dropped DLL
    PID:2228
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
    1⤵
      PID:3128

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\bibs_work\WMVCORE.DLL
      Filesize

      1024KB

      MD5

      8b71e2c6025e0e798b8234d4ddb161bd

      SHA1

      1448814d5b9c4d9923f820503881c3492f7cee58

      SHA256

      b7c8d37cd2d248450911f876e1dabaf9b2468928b0f1f5aa21ebefb109224e87

      SHA512

      f29c43ba86e5534ddfa52a434db95beb187daa6844439c092543b25c842916020d965c06d7cd8029c03e759e83a3b25210c6fff41eea65fd7e757f6251452cf1

      Download Submit

    • memory/2228-17-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-16-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-13-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-14-0x0000000073190000-0x00000000731C9000-memory.dmp

      Filesize

      228KB

      Download

    • memory/2228-18-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-21-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-20-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-19-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-3-0x000000002BD90000-0x000000002C277000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/2228-8-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-15-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-22-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-23-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-26-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-27-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-28-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-29-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-30-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/2228-31-0x0000000003300000-0x00000000036CE000-memory.dmp

      Filesize

      3.8MB

      Download