bitrat | 0971fe410a012470e16537a2659a020df8183b5ee21b1419a3b5a53d7a215011

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 21:14

Target

5040-23-0x0000000000400000-0x00000000007D2000-memory.exe
Size

3.8MB
MD5

4211d71f2089f54d801481cbf9e259f1
SHA1

ad1ad25eca1ed056c5a71a3accbd8467f343ae35
SHA256

0971fe410a012470e16537a2659a020df8183b5ee21b1419a3b5a53d7a215011
SHA512

0653d9b26a6d37e92e439300be44dda1c068bf605e0f2dbec3014ee149624dd42304deb4b4ba5bc6c84822d9598fb15d6eaa2b3483511a594d317ec3d2fc5e61
SSDEEP

98304:l77Pmq33rE/JDLPWZADUGer7B6iY74M/MmlwXVZ:x+R/eZADUXR

Score

10^/10

bitrat trojan upx

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4988-0-0x0000000000400000-0x00000000007D2000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\5040-23-0x0000000000400000-0x00000000007D2000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\5040-23-0x0000000000400000-0x00000000007D2000-memory.exe"
1⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3804 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:2140

memory/4988-0-0x0000000000400000-0x00000000007D2000-memory.dmp

Filesize
3.8MB

Download