bitrat | 2a0152a3160b530e6fb4b5427b10e610bb2d3b375b38d9a1437d3ead6ff4b92d

Analysis

max time kernel
4s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07756f43e7e8a0f53e79c210ddb2a0f6.exe
Size

3.7MB
MD5

07756f43e7e8a0f53e79c210ddb2a0f6
SHA1

c38c5d947fd9ecc9a326756307b3c1449dff00b7
SHA256

2a0152a3160b530e6fb4b5427b10e610bb2d3b375b38d9a1437d3ead6ff4b92d
SHA512

e37089aa356af57c698ae86a7d1aaf1417ebc6d055cc448ccde1148d4f01361c529559595080d9e207b29b9f4b503b4359981da34ec0d1ecded0c916c16170d6
SSDEEP

98304:n372j4yiDFuXOvWn5ZTda/lt0Jj0pyC2sGiupo7Jusew:niKHvWn5JdYT090svzo7Jug

Score

10^/10

bitrat blister loader trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

139.28.219.45:443

Attributes

communication_password
a76d949640a165da25ccfe9a8fd82c8a
tor_process
tor

Signatures

BLISTER
BLISTER is a downloader used to deliver other malware families.
loader blister
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

Detect Blister loader x32 2 IoCs

loader

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\bibs_work\WMVCORE.DLL	family_blister_x32
behavioral2/memory/2228-3-0x000000002BD90000-0x000000002C277000-memory.dmp	family_blister_x32

Loads dropped DLL 1 IoCs

Processes:

07756f43e7e8a0f53e79c210ddb2a0f6.exe

pid process

2228 07756f43e7e8a0f53e79c210ddb2a0f6.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2228	07756f43e7e8a0f53e79c210ddb2a0f6.exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
C:\ProgramData\Helps_Config\Helps_Config.exe	nsis_installer_1
C:\ProgramData\Helps_Config\Helps_Config.exe	nsis_installer_2

C:\Users\Admin\AppData\Local\Temp\07756f43e7e8a0f53e79c210ddb2a0f6.exe
"C:\Users\Admin\AppData\Local\Temp\07756f43e7e8a0f53e79c210ddb2a0f6.exe"
1⤵
- Loads dropped DLL
PID:2228

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
1⤵
PID:3128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Helps_Config\Helps_Config.exe

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bibs_work\WMVCORE.DLL

Filesize
1024KB

MD5
8b71e2c6025e0e798b8234d4ddb161bd

SHA1
1448814d5b9c4d9923f820503881c3492f7cee58

SHA256
b7c8d37cd2d248450911f876e1dabaf9b2468928b0f1f5aa21ebefb109224e87

SHA512
f29c43ba86e5534ddfa52a434db95beb187daa6844439c092543b25c842916020d965c06d7cd8029c03e759e83a3b25210c6fff41eea65fd7e757f6251452cf1

Download Submit
memory/2228-17-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-16-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-13-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-14-0x0000000073190000-0x00000000731C9000-memory.dmp

Filesize
228KB

Download
memory/2228-18-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-21-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-20-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-19-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-3-0x000000002BD90000-0x000000002C277000-memory.dmp

Filesize
4.9MB

Download
memory/2228-8-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-15-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-22-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-23-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-26-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-27-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-28-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-29-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-30-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download
memory/2228-31-0x0000000003300000-0x00000000036CE000-memory.dmp

Filesize
3.8MB

Download