Analysis
-
max time kernel
152s -
max time network
165s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-02-2024 09:58
General
-
Target
0568f1eff0b3da74fd0f2ee51f6d12003c2471d05e547d5b7fb8d8a075d94cfd.exe
-
Size
3.8MB
-
MD5
d1644422f803c81a6125aeb367ae7feb
-
SHA1
ca59a64e8390d02331b273adc39ad19ef3149aa6
-
SHA256
0568f1eff0b3da74fd0f2ee51f6d12003c2471d05e547d5b7fb8d8a075d94cfd
-
SHA512
52732163630ec168ca31f67463ba818fbbbbc779a5d8a61af545fa25fd459086bdfe6686bf716660e9be90b8569b4ae67757feeff1000e245ab53998644d6dbd
-
SSDEEP
98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/5mlwXVZ4FB:5+R/eZADUXR
Score
10/10
Malware Config
Extracted
Family
bitrat
Version
1.38
C2
stellacy.duckdns.org:12321
Attributes
-
communication_password
3d150bce7883ebb1bfb333f9f184c11e
-
tor_process
tor
Signatures
-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0568f1eff0b3da74fd0f2ee51f6d12003c2471d05e547d5b7fb8d8a075d94cfd.exe"C:\Users\Admin\AppData\Local\Temp\0568f1eff0b3da74fd0f2ee51f6d12003c2471d05e547d5b7fb8d8a075d94cfd.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.8MB