Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-02-2024 11:48
General
-
Target
1026f3f2041ac034444810ec08cf93d80089576f1c9cfd7d39b3e8581069507e.exe
-
Size
3.8MB
-
MD5
ef76803ef1b7f012e12bb9961cf5a0fa
-
SHA1
c9104c035bade14e4ca91ce8f477bb78486cb17a
-
SHA256
1026f3f2041ac034444810ec08cf93d80089576f1c9cfd7d39b3e8581069507e
-
SHA512
e56809a732090d2656ec40ce13ce0f9be4cf0a01a72924ee097d086fca99061d0d5b6dede855b1bb271abbde9d780970d83de83665cc8ecdf0995e70551bc7d1
-
SSDEEP
98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/hmlwXVZ4FB0:5+R/eZADUXRg
Score
10/10
Malware Config
Extracted
Family
bitrat
Version
1.38
C2
paintedkitty.duckdns.org:4444
Attributes
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Signatures
-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1026f3f2041ac034444810ec08cf93d80089576f1c9cfd7d39b3e8581069507e.exe"C:\Users\Admin\AppData\Local\Temp\1026f3f2041ac034444810ec08cf93d80089576f1c9cfd7d39b3e8581069507e.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2140-0-0x0000000000400000-0x00000000007CE000-memory.dmpFilesize
3.8MB