bitrat | d3f529f5c3a5511cc259fbc2874482444477c85e3e1106463a0d4a55a4b8c187

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:33

Target

249edb120bcc59692e5d359f4bcb6397.exe
Size

2.2MB
MD5

249edb120bcc59692e5d359f4bcb6397
SHA1

0c8feaa890a0dd0b29e86510c66245a5a9295f6f
SHA256

d3f529f5c3a5511cc259fbc2874482444477c85e3e1106463a0d4a55a4b8c187
SHA512

9dc2fe4e898dc83bb97abddd9b35f59674544065dbeede8efe01ae16b48176c0f4c3789fa9e06f126e40924014f5ef76b3f86f582e87b9559c35e9451de7e91b
SSDEEP

49152:s7X+21nek/ROLmCnBf27s1Nsjo2hnBCE6WQtsUM:WX51nek/RennBu7aNsjo2hhtQts

Score

10^/10

bitrat trojan

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

Core1 .NET packer 1 IoCs

Detects packer/loader used by .NET malware.

resource	yara_rule
behavioral1/memory/1696-4-0x000000001D100000-0x000000001D520000-memory.dmp	Core1

C:\Users\Admin\AppData\Local\Temp\249edb120bcc59692e5d359f4bcb6397.exe
"C:\Users\Admin\AppData\Local\Temp\249edb120bcc59692e5d359f4bcb6397.exe"
1⤵
PID:1696

memory/1696-0-0x000000013FB40000-0x000000013FD74000-memory.dmp

Filesize
2.2MB

Download
memory/1696-1-0x000007FEF5B20000-0x000007FEF650C000-memory.dmp

Filesize
9.9MB

Download
memory/1696-2-0x000000001BEC0000-0x000000001C43E000-memory.dmp

Filesize
5.5MB

Download
memory/1696-3-0x000000001B4E0000-0x000000001B560000-memory.dmp

Filesize
512KB

Download
memory/1696-4-0x000000001D100000-0x000000001D520000-memory.dmp

Filesize
4.1MB

Download
memory/1696-5-0x000007FEF5B20000-0x000007FEF650C000-memory.dmp

Filesize
9.9MB

Download