bitrat | d3f529f5c3a5511cc259fbc2874482444477c85e3e1106463a0d4a55a4b8c187

Analysis

max time kernel
132s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 02:33

Target

249edb120bcc59692e5d359f4bcb6397.exe
Size

2.2MB
MD5

249edb120bcc59692e5d359f4bcb6397
SHA1

0c8feaa890a0dd0b29e86510c66245a5a9295f6f
SHA256

d3f529f5c3a5511cc259fbc2874482444477c85e3e1106463a0d4a55a4b8c187
SHA512

9dc2fe4e898dc83bb97abddd9b35f59674544065dbeede8efe01ae16b48176c0f4c3789fa9e06f126e40924014f5ef76b3f86f582e87b9559c35e9451de7e91b
SSDEEP

49152:s7X+21nek/ROLmCnBf27s1Nsjo2hnBCE6WQtsUM:WX51nek/RennBu7aNsjo2hhtQts

Score

10^/10

bitrat trojan

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

Core1 .NET packer 1 IoCs

Detects packer/loader used by .NET malware.

resource	yara_rule
behavioral2/memory/1064-4-0x000000001D7C0000-0x000000001DBE0000-memory.dmp	Core1

C:\Users\Admin\AppData\Local\Temp\249edb120bcc59692e5d359f4bcb6397.exe
"C:\Users\Admin\AppData\Local\Temp\249edb120bcc59692e5d359f4bcb6397.exe"
1⤵
PID:1064

memory/1064-0-0x0000000000820000-0x0000000000A54000-memory.dmp

Filesize
2.2MB

Download
memory/1064-1-0x000000001CA40000-0x000000001CFBE000-memory.dmp

Filesize
5.5MB

Download
memory/1064-2-0x00007FFC8D6B0000-0x00007FFC8E171000-memory.dmp

Filesize
10.8MB

Download
memory/1064-3-0x000000001C630000-0x000000001C640000-memory.dmp

Filesize
64KB

Download
memory/1064-4-0x000000001D7C0000-0x000000001DBE0000-memory.dmp

Filesize
4.1MB

Download
memory/1064-6-0x00007FFC8D6B0000-0x00007FFC8E171000-memory.dmp

Filesize
10.8MB

Download