bitrat | 9d585faa0851666f34381200277b38a1bef136ecd062fc53b158aa1b323fdf10[.]bin[.]sample[.]gz

General

Target

9d585faa0851666f34381200277b38a1bef136ecd062fc53b158aa1b323fdf10.bin.sample.gz
Size

5.4MB
MD5

e66762f7227f489e49478fd216c5350b
SHA1

6462dce9d97c01435ad7b1c610e9b01491b83df3
SHA256

9ea701c18c02ed5f5c0f9a2f095c0b568609f0735f2e39c572c67875071b01fc
SHA512

98ed27f33aed77bc9fc9c64dc2968349c223d3924b4b455724afc15cb9c83bc348880c9fa3b973bba702813dd1b7afe12774018178e9dfc054231da5e8eb76fe
SSDEEP

98304:8fgcht7rg3ONqAqIUAj8CMvIdiPXo4Ng6mNdHHQCWT+OAYcYLxvTHhJ1fyrdj3IF:8T7s7Vy8CYvXVN2NJe+LYcchJ1arC8Qp

Score

10^/10

upx bitrat

Malware Config

Signatures

BitRAT payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack002/out.upx	family_bitrat

Bitrat family
bitrat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/sample
unpack002/out.upx

Files

9d585faa0851666f34381200277b38a1bef136ecd062fc53b158aa1b323fdf10.bin.sample.gz
.gz
sample
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.3MB

UPX1 Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 78KB - Virtual size: 129KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4.6MB - Virtual size: 4.6MB

UPX0
Size: - Virtual size: 4.3MB

UPX1
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 78KB - Virtual size: 129KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4.6MB - Virtual size: 4.6MB