bitrat | 697414e831f2574b2dc65e397d2dddc2acca45c47890308750af5cccbb2d46a8

Analysis

max time kernel
27s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d9afc3b06154312da8b0b9395e8fe7f.exe
Size

2.2MB
MD5

1d9afc3b06154312da8b0b9395e8fe7f
SHA1

20e0e67522ee702e9f5f32d44af685cfc8b56009
SHA256

697414e831f2574b2dc65e397d2dddc2acca45c47890308750af5cccbb2d46a8
SHA512

deee37c33efc3250990517bb633805cd7564bc9c5d20383576fdc76cbadb3486d916fcbf790738713e2bb0b6aee450ee84bfc2e8140704e8c72725ccab77d39e
SSDEEP

49152:rpNxojZEgpJE8R7Wwlh78ebqNR9FGwQreXQ:rp7ojZhpJzRiwlhgsqvlYe

Score

10^/10

bitrat zgrat rat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

37.0.11.212:4444

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

Detect ZGRat V1 34 IoCs

resource	yara_rule
behavioral2/memory/2872-9-0x00000000089A0000-0x0000000008A0E000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-37-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-51-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-63-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-73-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-71-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-69-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-67-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-65-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-61-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-59-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-57-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-55-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-53-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-49-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-47-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-45-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-43-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-41-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-39-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-35-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-33-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-31-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-29-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-27-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-25-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-23-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-21-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-19-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-17-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-15-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-13-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-11-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1
behavioral2/memory/2872-10-0x00000000089A0000-0x0000000008A09000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2872	1d9afc3b06154312da8b0b9395e8fe7f.exe

C:\Users\Admin\AppData\Local\Temp\1d9afc3b06154312da8b0b9395e8fe7f.exe
"C:\Users\Admin\AppData\Local\Temp\1d9afc3b06154312da8b0b9395e8fe7f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2872
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Sleep -s 5; Remove-Item -Path "C:\Users\Admin\AppData\Local\Temp\1d9afc3b06154312da8b0b9395e8fe7f.exe" -Force
  2⤵
  PID:4180
- C:\Users\Admin\AppData\Local\Temp\1d9afc3b06154312da8b0b9395e8fe7f.exe
  C:\Users\Admin\AppData\Local\Temp\1d9afc3b06154312da8b0b9395e8fe7f.exe
  2⤵
  PID:4408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2872-0-0x0000000074BC0000-0x0000000075370000-memory.dmp

Filesize
7.7MB

Download
memory/2872-2-0x0000000005B30000-0x00000000060D4000-memory.dmp

Filesize
5.6MB

Download
memory/2872-3-0x00000000054B0000-0x0000000005542000-memory.dmp

Filesize
584KB

Download
memory/2872-1-0x00000000008A0000-0x0000000000AD8000-memory.dmp

Filesize
2.2MB

Download
memory/2872-4-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/2872-5-0x0000000005670000-0x000000000567A000-memory.dmp

Filesize
40KB

Download
memory/2872-6-0x0000000074BC0000-0x0000000075370000-memory.dmp

Filesize
7.7MB

Download
memory/2872-8-0x00000000069E0000-0x0000000006A56000-memory.dmp

Filesize
472KB

Download
memory/2872-7-0x0000000006750000-0x000000000695E000-memory.dmp

Filesize
2.1MB

Download
memory/2872-9-0x00000000089A0000-0x0000000008A0E000-memory.dmp

Filesize
440KB

Download
memory/2872-37-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-51-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-63-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-73-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-71-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-69-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-67-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-65-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-61-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-59-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-57-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-55-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-53-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-49-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-47-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-45-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-43-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-41-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-39-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-35-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-33-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-31-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-29-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-27-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-551-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/2872-25-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-23-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-21-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-19-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-17-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-15-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-13-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-11-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-10-0x00000000089A0000-0x0000000008A09000-memory.dmp

Filesize
420KB

Download
memory/2872-2175-0x0000000004F90000-0x0000000004FAE000-memory.dmp

Filesize
120KB

Download
memory/2872-2186-0x0000000074BC0000-0x0000000075370000-memory.dmp

Filesize
7.7MB

Download
memory/4180-2177-0x0000000002EE0000-0x0000000002F16000-memory.dmp

Filesize
216KB

Download
memory/4180-2181-0x0000000005AC0000-0x00000000060E8000-memory.dmp

Filesize
6.2MB

Download
memory/4180-2182-0x00000000030D0000-0x00000000030E0000-memory.dmp

Filesize
64KB

Download
memory/4180-2180-0x00000000030D0000-0x00000000030E0000-memory.dmp

Filesize
64KB

Download
memory/4180-2188-0x0000000005840000-0x0000000005862000-memory.dmp

Filesize
136KB

Download
memory/4180-2190-0x00000000061D0000-0x0000000006236000-memory.dmp

Filesize
408KB

Download
memory/4180-2200-0x0000000006240000-0x0000000006594000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2189-0x0000000006160000-0x00000000061C6000-memory.dmp

Filesize
408KB

Download
memory/4180-2201-0x0000000006800000-0x000000000681E000-memory.dmp

Filesize
120KB

Download
memory/4180-2202-0x0000000006840000-0x000000000688C000-memory.dmp

Filesize
304KB

Download
memory/4180-2178-0x0000000074BC0000-0x0000000075370000-memory.dmp

Filesize
7.7MB

Download
memory/4180-2204-0x0000000006CF0000-0x0000000006D0A000-memory.dmp

Filesize
104KB

Download
memory/4180-2203-0x0000000007EB0000-0x000000000852A000-memory.dmp

Filesize
6.5MB

Download
memory/4180-2216-0x0000000006DE0000-0x0000000006E02000-memory.dmp

Filesize
136KB

Download
memory/4180-2215-0x0000000007830000-0x00000000078C6000-memory.dmp

Filesize
600KB

Download
memory/4180-2219-0x0000000074BC0000-0x0000000075370000-memory.dmp

Filesize
7.7MB

Download
memory/4408-2187-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/4408-2206-0x0000000070DE0000-0x0000000070E19000-memory.dmp

Filesize
228KB

Download
memory/4408-2214-0x00000000703C0000-0x00000000703F9000-memory.dmp

Filesize
228KB

Download
memory/4408-2220-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/4408-2223-0x0000000075480000-0x00000000754B9000-memory.dmp

Filesize
228KB

Download
memory/4408-2226-0x0000000075480000-0x00000000754B9000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads