bitrat | caf48b67e7bb94a178426fc7ce6b9ed50ffb2f3813a7c68900f21bfffb24e44f

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/04/2024, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

stub_tor.exe
Size

7.8MB
MD5

c76390d9e1052d9e708940d67b5c135d
SHA1

a370a73a9dd746584428e8a939288ecffd3c80f7
SHA256

caf48b67e7bb94a178426fc7ce6b9ed50ffb2f3813a7c68900f21bfffb24e44f
SHA512

4d2d38d8719cdac8a406cfa96944ee99d2d926511e64d6b6aa964d40d0d9ddb1dc6e4e6253bcb1e77b32613c0b4409ab32ea54c476018fee963574edb043dd3b
SSDEEP

196608:oIRcbH4jSteTGvExwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfuExwZ6v1CPwDv3uFteg2EeJUO9E

Score

10^/10

bitrat persistence trojan upx

Malware Config

Extracted

Family

bitrat

Version

1.38

7sbl4dpbubwjjghdquwg47fyq7rookd4bgm2ypm2kjzkivd7tomvczqd.onion:440

Attributes

communication_password
4124bc0a9335c27f086f24ba207a4912
install_dir
Minecraft
install_file
Runtime_Broker
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

ACProtect 1.3x - 1.4x DLL software 7 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0009000000016d24-19.dat	acprotect
behavioral1/files/0x0007000000018b42-23.dat	acprotect
behavioral1/files/0x0007000000016d4f-26.dat	acprotect
behavioral1/files/0x0009000000016d55-30.dat	acprotect
behavioral1/files/0x00050000000194ef-34.dat	acprotect
behavioral1/files/0x0008000000016d84-35.dat	acprotect
behavioral1/files/0x00050000000194f4-38.dat	acprotect

Executes dropped EXE 7 IoCs

pid	Process
2832	tor.exe
908	tor.exe
2704	tor.exe
2892	tor.exe
1412	tor.exe
2840	tor.exe
1156	tor.exe

Loads dropped DLL 57 IoCs

pid	Process
2236	stub_tor.exe
2236	stub_tor.exe
2832	tor.exe
2832	tor.exe
2832	tor.exe
2832	tor.exe
2832	tor.exe
2832	tor.exe
2832	tor.exe
2236	stub_tor.exe
908	tor.exe
908	tor.exe
908	tor.exe
908	tor.exe
908	tor.exe
908	tor.exe
908	tor.exe
2236	stub_tor.exe
2704	tor.exe
2704	tor.exe
2704	tor.exe
2704	tor.exe
2704	tor.exe
2704	tor.exe
2704	tor.exe
2236	stub_tor.exe
2892	tor.exe
2892	tor.exe
2892	tor.exe
2892	tor.exe
2892	tor.exe
2892	tor.exe
2892	tor.exe
2236	stub_tor.exe
1412	tor.exe
1412	tor.exe
1412	tor.exe
1412	tor.exe
1412	tor.exe
1412	tor.exe
1412	tor.exe
2236	stub_tor.exe
2840	tor.exe
2840	tor.exe
2840	tor.exe
2840	tor.exe
2840	tor.exe
2840	tor.exe
2840	tor.exe
2236	stub_tor.exe
1156	tor.exe
1156	tor.exe
1156	tor.exe
1156	tor.exe
1156	tor.exe
1156	tor.exe
1156	tor.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00050000000194f2-15.dat	upx
behavioral1/files/0x0009000000016d24-19.dat	upx
behavioral1/memory/2832-21-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2832-24-0x0000000073F20000-0x00000000741EF000-memory.dmp	upx
behavioral1/files/0x0007000000018b42-23.dat	upx
behavioral1/files/0x0007000000016d4f-26.dat	upx
behavioral1/files/0x0009000000016d55-30.dat	upx
behavioral1/memory/2832-32-0x0000000073E50000-0x0000000073F18000-memory.dmp	upx
behavioral1/memory/2832-33-0x0000000073D40000-0x0000000073E4A000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-34.dat	upx
behavioral1/memory/2832-36-0x00000000743E0000-0x0000000074468000-memory.dmp	upx
behavioral1/memory/2832-27-0x0000000074470000-0x00000000744B9000-memory.dmp	upx
behavioral1/files/0x0008000000016d84-35.dat	upx
behavioral1/memory/2832-39-0x0000000073C70000-0x0000000073D3E000-memory.dmp	upx
behavioral1/files/0x00050000000194f4-38.dat	upx
behavioral1/memory/2832-41-0x0000000074720000-0x0000000074744000-memory.dmp	upx
behavioral1/memory/2832-46-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2832-47-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2832-48-0x0000000073F20000-0x00000000741EF000-memory.dmp	upx
behavioral1/memory/2832-49-0x0000000074470000-0x00000000744B9000-memory.dmp	upx
behavioral1/memory/2832-50-0x0000000073E50000-0x0000000073F18000-memory.dmp	upx
behavioral1/memory/2832-51-0x0000000073D40000-0x0000000073E4A000-memory.dmp	upx
behavioral1/memory/2832-52-0x00000000743E0000-0x0000000074468000-memory.dmp	upx
behavioral1/memory/2832-53-0x0000000073C70000-0x0000000073D3E000-memory.dmp	upx
behavioral1/memory/2832-54-0x0000000074720000-0x0000000074744000-memory.dmp	upx
behavioral1/memory/2832-60-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2832-74-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2832-82-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2832-100-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/908-120-0x0000000073F20000-0x00000000741EF000-memory.dmp	upx
behavioral1/memory/908-122-0x0000000074470000-0x00000000744B9000-memory.dmp	upx
behavioral1/memory/908-124-0x0000000073E50000-0x0000000073F18000-memory.dmp	upx
behavioral1/memory/908-126-0x0000000073D40000-0x0000000073E4A000-memory.dmp	upx
behavioral1/memory/908-127-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/908-128-0x00000000743E0000-0x0000000074468000-memory.dmp	upx
behavioral1/memory/908-130-0x0000000073C70000-0x0000000073D3E000-memory.dmp	upx
behavioral1/memory/908-129-0x0000000073F20000-0x00000000741EF000-memory.dmp	upx
behavioral1/memory/908-131-0x0000000074470000-0x00000000744B9000-memory.dmp	upx
behavioral1/memory/908-132-0x0000000074720000-0x0000000074744000-memory.dmp	upx
behavioral1/memory/908-134-0x0000000073D40000-0x0000000073E4A000-memory.dmp	upx
behavioral1/memory/908-133-0x0000000073E50000-0x0000000073F18000-memory.dmp	upx
behavioral1/memory/2236-154-0x0000000004910000-0x0000000004D14000-memory.dmp	upx
behavioral1/memory/2704-160-0x0000000073C50000-0x0000000073F1F000-memory.dmp	upx
behavioral1/memory/2704-161-0x0000000074420000-0x0000000074469000-memory.dmp	upx
behavioral1/memory/2704-162-0x0000000074120000-0x00000000741E8000-memory.dmp	upx
behavioral1/memory/2704-163-0x0000000074010000-0x000000007411A000-memory.dmp	upx
behavioral1/memory/2704-164-0x0000000073F80000-0x0000000074008000-memory.dmp	upx
behavioral1/memory/2704-165-0x0000000074490000-0x00000000744B4000-memory.dmp	upx
behavioral1/memory/2704-157-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2704-166-0x0000000073AC0000-0x0000000073B8E000-memory.dmp	upx
behavioral1/memory/2704-179-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2704-188-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2704-196-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2236-213-0x0000000004910000-0x0000000004D14000-memory.dmp	upx
behavioral1/memory/2892-222-0x0000000073C50000-0x0000000073F1F000-memory.dmp	upx
behavioral1/memory/2892-224-0x0000000074420000-0x0000000074469000-memory.dmp	upx
behavioral1/memory/2892-226-0x0000000074120000-0x00000000741E8000-memory.dmp	upx
behavioral1/memory/2892-229-0x0000000074010000-0x000000007411A000-memory.dmp	upx
behavioral1/memory/2892-232-0x0000000073F80000-0x0000000074008000-memory.dmp	upx
behavioral1/memory/2892-235-0x0000000073AC0000-0x0000000073B8E000-memory.dmp	upx
behavioral1/memory/2892-238-0x0000000074490000-0x00000000744B4000-memory.dmp	upx
behavioral1/memory/2892-240-0x00000000013A0000-0x00000000017A4000-memory.dmp	upx
behavioral1/memory/2892-245-0x0000000073C50000-0x0000000073F1F000-memory.dmp	upx
behavioral1/memory/2892-246-0x0000000074420000-0x0000000074469000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\Runtime_Broker = "C:\\Users\\Admin\\AppData\\Local\\Minecraft\\Runtime_Broker"	stub_tor.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: RenamesItself 25 IoCs

pid	Process
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe
2236	stub_tor.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2236	stub_tor.exe
Token: SeShutdownPrivilege	2236	stub_tor.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2236	stub_tor.exe
2236	stub_tor.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2832	2236	stub_tor.exe	28
PID 2236 wrote to memory of 2832	2236	stub_tor.exe	28
PID 2236 wrote to memory of 2832	2236	stub_tor.exe	28
PID 2236 wrote to memory of 2832	2236	stub_tor.exe	28
PID 2236 wrote to memory of 908	2236	stub_tor.exe	31
PID 2236 wrote to memory of 908	2236	stub_tor.exe	31
PID 2236 wrote to memory of 908	2236	stub_tor.exe	31
PID 2236 wrote to memory of 908	2236	stub_tor.exe	31
PID 2236 wrote to memory of 2704	2236	stub_tor.exe	32
PID 2236 wrote to memory of 2704	2236	stub_tor.exe	32
PID 2236 wrote to memory of 2704	2236	stub_tor.exe	32
PID 2236 wrote to memory of 2704	2236	stub_tor.exe	32
PID 2236 wrote to memory of 2892	2236	stub_tor.exe	33
PID 2236 wrote to memory of 2892	2236	stub_tor.exe	33
PID 2236 wrote to memory of 2892	2236	stub_tor.exe	33
PID 2236 wrote to memory of 2892	2236	stub_tor.exe	33
PID 2236 wrote to memory of 1412	2236	stub_tor.exe	34
PID 2236 wrote to memory of 1412	2236	stub_tor.exe	34
PID 2236 wrote to memory of 1412	2236	stub_tor.exe	34
PID 2236 wrote to memory of 1412	2236	stub_tor.exe	34
PID 2236 wrote to memory of 2840	2236	stub_tor.exe	35
PID 2236 wrote to memory of 2840	2236	stub_tor.exe	35
PID 2236 wrote to memory of 2840	2236	stub_tor.exe	35
PID 2236 wrote to memory of 2840	2236	stub_tor.exe	35
PID 2236 wrote to memory of 1156	2236	stub_tor.exe	36
PID 2236 wrote to memory of 1156	2236	stub_tor.exe	36
PID 2236 wrote to memory of 1156	2236	stub_tor.exe	36
PID 2236 wrote to memory of 1156	2236	stub_tor.exe	36

C:\Users\Admin\AppData\Local\Temp\stub_tor.exe
"C:\Users\Admin\AppData\Local\Temp\stub_tor.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
  "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2832
- C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
  "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:908
- C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
  "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2704
- C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
  "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2892
- C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
  "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1412
- C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
  "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2840
- C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
  "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-certs

Filesize
20KB

MD5
2dc096af64c1166d80dffdb6d92c086d

SHA1
94e323c2e8d5cc3d9703f82c839078a31fd47634

SHA256
7f2cd8e426c2b4086582a4587e00d3da41c68510434f99915db7bb3e9589f1ba

SHA512
159990200e3ee87a494a59500615d581c661a60ab32b30624d5f59a860ff70d3f07fd194b316a06d692ec6b6daa6dbdeeb33a1405631a66975591ab8487b9d02

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdesc-consensus.tmp

Filesize
2.7MB

MD5
27acfbf94480631e547b5cb508d9d4fb

SHA1
f6477330ca9aeb4a8cd19cc44e1a30fa9695b36c

SHA256
0fd156526952ba5edb62133774a19bf72f71d3c968d01fcdb517521d45a67c5e

SHA512
902ccecfa284881c1f241802b9ccd51a85da0cc48632fbd944b686d37a4fa57bc7cd01c44ef79bfe475494be780164b82ff8fa9a3e77984f6e29467843138929

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdescs.new

Filesize
8.2MB

MD5
01e544cd391eb0af5d14ebe982915639

SHA1
aaf60060fdda04cf3580eab335842aff35e3d496

SHA256
3587475b50ad3e79d150934ba788c4cb6a8031f956acdf06c3c6a51e05b25afc

SHA512
eeb2c0fd45e1e5fc357c244480a7cb99ccf5b3b8fdee3eeb97f3e60b674cecd7780b31dd50ebf4137af52eb2f14d536e8aec08e9277f95f15aca42b13016daf0

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdescs.new

Filesize
5.9MB

MD5
c3d4c0813667d91a74ef339fc952828d

SHA1
0a218db36b3033c90eafa28b01ddcd309e87fc24

SHA256
988fe5f233b5ee37b6f3b55de3f096072845dac385ccc1cca25d6ded4be8600c

SHA512
2a73a5c7a3c29f15a93891b480ebdd588f3a24bb3c78506a3484f1d11ad04b200151f3eac61061e2e9c9f3039d5fdfcf18db6f5737655a197177c6d233b704ac

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdescs.new

Filesize
6.7MB

MD5
93bc5423c3a8c117f0b4cdaa083f4026

SHA1
df6444ca113587d8993b9c77afe191e5fe346bf9

SHA256
6c936c89cbfb4484445a94a6075f543b2ea30449d64056977af9101d962d9a71

SHA512
844fdb3ef100a5d76c65d7a4e46a84f0cc8bc62f5eab3cdfc5b945dfd4f78c74ea3049d24f07e26e41c7fecf20cabbbdc0ddce684988cc0f6ad6fe148f29f9ba

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\data\state

Filesize
232B

MD5
4ca28478c26c7c77ebe613842b21b5c3

SHA1
59dea4372023613a734e7732af907a7890c8b824

SHA256
dc00083eaabf49f795af02da941542e74e3fac2f79db60623b86460d3bd84732

SHA512
a8a5881478df7413052a84ec4525630f55b0e0c6d94cb3fd860d622bc274a2fd78c31b60563840018397d893fa9b009c0189651f84e0daaaf1cb1a9d4fdaee2d

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\libcrypto-1_1.dll

Filesize
1.7MB

MD5
2384a02c4a1f7ec481adde3a020607d3

SHA1
7e848d35a10bf9296c8fa41956a3daa777f86365

SHA256
c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

SHA512
1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\libevent-2-1-6.dll

Filesize
366KB

MD5
099983c13bade9554a3c17484e5481f1

SHA1
a84e69ad9722f999252d59d0ed9a99901a60e564

SHA256
b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

SHA512
89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\libssl-1_1.dll

Filesize
439KB

MD5
c88826ac4bb879622e43ead5bdb95aeb

SHA1
87d29853649a86f0463bfd9ad887b85eedc21723

SHA256
c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

SHA512
f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\libssp-0.dll

Filesize
88KB

MD5
2c916456f503075f746c6ea649cf9539

SHA1
fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

SHA256
cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

SHA512
1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe

Filesize
973KB

MD5
5cfe61ff895c7daa889708665ef05d7b

SHA1
5e58efe30406243fbd58d4968b0492ddeef145f2

SHA256
f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

SHA512
43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\torrc

Filesize
157B

MD5
8ea874223f853aac5ea469ccc164a8f9

SHA1
70d31011547870c9f930496dbf9fb7ec296a8c28

SHA256
95e134044f370b2a96408d581f3c0381fe95388dae27c6d9598f44dc7d72b9ed

SHA512
fd1dc20219fbf4863926d90b5a2127b65e165656eac4493a80288d0c57fc309ed998b5d30fe8ce313987ee367fc4fe9b6026ff32d4391950d7f26ca7b6fdcdf2

Download Submit
C:\Users\Admin\AppData\Local\a5b260eb\tor\zlib1.dll

Filesize
52KB

MD5
add33041af894b67fe34e1dc819b7eb6

SHA1
6db46eb021855a587c95479422adcc774a272eeb

SHA256
8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

SHA512
bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

Download Submit
\Users\Admin\AppData\Local\a5b260eb\tor\libgcc_s_sjlj-1.dll

Filesize
286KB

MD5
b0d98f7157d972190fe0759d4368d320

SHA1
5715a533621a2b642aad9616e603c6907d80efc4

SHA256
2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

SHA512
41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

Download Submit
\Users\Admin\AppData\Local\a5b260eb\tor\libwinpthread-1.dll

Filesize
188KB

MD5
d407cc6d79a08039a6f4b50539e560b8

SHA1
21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

SHA256
92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

SHA512
378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

Download Submit
memory/908-128-0x00000000743E0000-0x0000000074468000-memory.dmp

Filesize
544KB

Download
memory/908-120-0x0000000073F20000-0x00000000741EF000-memory.dmp

Filesize
2.8MB

Download
memory/908-133-0x0000000073E50000-0x0000000073F18000-memory.dmp

Filesize
800KB

Download
memory/908-134-0x0000000073D40000-0x0000000073E4A000-memory.dmp

Filesize
1.0MB

Download
memory/908-132-0x0000000074720000-0x0000000074744000-memory.dmp

Filesize
144KB

Download
memory/908-131-0x0000000074470000-0x00000000744B9000-memory.dmp

Filesize
292KB

Download
memory/908-129-0x0000000073F20000-0x00000000741EF000-memory.dmp

Filesize
2.8MB

Download
memory/908-130-0x0000000073C70000-0x0000000073D3E000-memory.dmp

Filesize
824KB

Download
memory/908-127-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/908-126-0x0000000073D40000-0x0000000073E4A000-memory.dmp

Filesize
1.0MB

Download
memory/908-124-0x0000000073E50000-0x0000000073F18000-memory.dmp

Filesize
800KB

Download
memory/908-122-0x0000000074470000-0x00000000744B9000-memory.dmp

Filesize
292KB

Download
memory/1412-264-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/1412-272-0x0000000074720000-0x0000000074744000-memory.dmp

Filesize
144KB

Download
memory/1412-273-0x0000000073C70000-0x0000000073D3E000-memory.dmp

Filesize
824KB

Download
memory/1412-271-0x00000000743E0000-0x0000000074468000-memory.dmp

Filesize
544KB

Download
memory/1412-300-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/1412-270-0x0000000073D40000-0x0000000073E4A000-memory.dmp

Filesize
1.0MB

Download
memory/1412-269-0x0000000073E50000-0x0000000073F18000-memory.dmp

Filesize
800KB

Download
memory/1412-302-0x0000000073F20000-0x00000000741EF000-memory.dmp

Filesize
2.8MB

Download
memory/1412-268-0x0000000074470000-0x00000000744B9000-memory.dmp

Filesize
292KB

Download
memory/1412-267-0x0000000073F20000-0x00000000741EF000-memory.dmp

Filesize
2.8MB

Download
memory/2236-154-0x0000000004910000-0x0000000004D14000-memory.dmp

Filesize
4.0MB

Download
memory/2236-263-0x0000000004910000-0x0000000004D14000-memory.dmp

Filesize
4.0MB

Download
memory/2236-111-0x0000000004910000-0x0000000004D14000-memory.dmp

Filesize
4.0MB

Download
memory/2236-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

Filesize
7.8MB

Download
memory/2236-318-0x0000000004910000-0x0000000004D14000-memory.dmp

Filesize
4.0MB

Download
memory/2236-17-0x0000000003ED0000-0x00000000042D4000-memory.dmp

Filesize
4.0MB

Download
memory/2236-20-0x0000000003ED0000-0x00000000042D4000-memory.dmp

Filesize
4.0MB

Download
memory/2236-187-0x0000000004910000-0x0000000004D14000-memory.dmp

Filesize
4.0MB

Download
memory/2236-45-0x0000000003ED0000-0x00000000042D4000-memory.dmp

Filesize
4.0MB

Download
memory/2236-301-0x0000000004910000-0x0000000004D14000-memory.dmp

Filesize
4.0MB

Download
memory/2236-213-0x0000000004910000-0x0000000004D14000-memory.dmp

Filesize
4.0MB

Download
memory/2704-196-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2704-188-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2704-179-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2704-160-0x0000000073C50000-0x0000000073F1F000-memory.dmp

Filesize
2.8MB

Download
memory/2704-161-0x0000000074420000-0x0000000074469000-memory.dmp

Filesize
292KB

Download
memory/2704-162-0x0000000074120000-0x00000000741E8000-memory.dmp

Filesize
800KB

Download
memory/2704-163-0x0000000074010000-0x000000007411A000-memory.dmp

Filesize
1.0MB

Download
memory/2704-164-0x0000000073F80000-0x0000000074008000-memory.dmp

Filesize
544KB

Download
memory/2704-165-0x0000000074490000-0x00000000744B4000-memory.dmp

Filesize
144KB

Download
memory/2704-157-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2704-166-0x0000000073AC0000-0x0000000073B8E000-memory.dmp

Filesize
824KB

Download
memory/2832-49-0x0000000074470000-0x00000000744B9000-memory.dmp

Filesize
292KB

Download
memory/2832-36-0x00000000743E0000-0x0000000074468000-memory.dmp

Filesize
544KB

Download
memory/2832-82-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2832-74-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2832-60-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2832-54-0x0000000074720000-0x0000000074744000-memory.dmp

Filesize
144KB

Download
memory/2832-53-0x0000000073C70000-0x0000000073D3E000-memory.dmp

Filesize
824KB

Download
memory/2832-21-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2832-24-0x0000000073F20000-0x00000000741EF000-memory.dmp

Filesize
2.8MB

Download
memory/2832-32-0x0000000073E50000-0x0000000073F18000-memory.dmp

Filesize
800KB

Download
memory/2832-33-0x0000000073D40000-0x0000000073E4A000-memory.dmp

Filesize
1.0MB

Download
memory/2832-100-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2832-27-0x0000000074470000-0x00000000744B9000-memory.dmp

Filesize
292KB

Download
memory/2832-39-0x0000000073C70000-0x0000000073D3E000-memory.dmp

Filesize
824KB

Download
memory/2832-41-0x0000000074720000-0x0000000074744000-memory.dmp

Filesize
144KB

Download
memory/2832-46-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2832-47-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2832-48-0x0000000073F20000-0x00000000741EF000-memory.dmp

Filesize
2.8MB

Download
memory/2832-50-0x0000000073E50000-0x0000000073F18000-memory.dmp

Filesize
800KB

Download
memory/2832-52-0x00000000743E0000-0x0000000074468000-memory.dmp

Filesize
544KB

Download
memory/2832-51-0x0000000073D40000-0x0000000073E4A000-memory.dmp

Filesize
1.0MB

Download
memory/2840-321-0x0000000074470000-0x00000000744B9000-memory.dmp

Filesize
292KB

Download
memory/2840-334-0x0000000074720000-0x0000000074744000-memory.dmp

Filesize
144KB

Download
memory/2840-331-0x0000000073C70000-0x0000000073D3E000-memory.dmp

Filesize
824KB

Download
memory/2840-328-0x00000000743E0000-0x0000000074468000-memory.dmp

Filesize
544KB

Download
memory/2840-325-0x0000000073D40000-0x0000000073E4A000-memory.dmp

Filesize
1.0MB

Download
memory/2840-323-0x0000000073E50000-0x0000000073F18000-memory.dmp

Filesize
800KB

Download
memory/2840-319-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2892-240-0x00000000013A0000-0x00000000017A4000-memory.dmp

Filesize
4.0MB

Download
memory/2892-229-0x0000000074010000-0x000000007411A000-memory.dmp

Filesize
1.0MB

Download
memory/2892-226-0x0000000074120000-0x00000000741E8000-memory.dmp

Filesize
800KB

Download
memory/2892-224-0x0000000074420000-0x0000000074469000-memory.dmp

Filesize
292KB

Download
memory/2892-222-0x0000000073C50000-0x0000000073F1F000-memory.dmp

Filesize
2.8MB

Download
memory/2892-232-0x0000000073F80000-0x0000000074008000-memory.dmp

Filesize
544KB

Download
memory/2892-235-0x0000000073AC0000-0x0000000073B8E000-memory.dmp

Filesize
824KB

Download
memory/2892-238-0x0000000074490000-0x00000000744B4000-memory.dmp

Filesize
144KB

Download
memory/2892-248-0x0000000074010000-0x000000007411A000-memory.dmp

Filesize
1.0MB

Download
memory/2892-245-0x0000000073C50000-0x0000000073F1F000-memory.dmp

Filesize
2.8MB

Download
memory/2892-246-0x0000000074420000-0x0000000074469000-memory.dmp

Filesize
292KB

Download
memory/2892-247-0x0000000074120000-0x00000000741E8000-memory.dmp

Filesize
800KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads