Trojan.Downloader.Agent.BTAL

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Downloader.Agent.BTAL
Signature status: No Signature

Known Samples

MD5: bb189bbb31cc8cfc759d5e5c9fbe1cf7
SHA1: c550e96311ebc52e9048bba798bce3a8ba441a58
SHA256: 0F881BA60B95EBA8D3B5631663D5DF29231074FE820FEAC9F595B568A292CE4F
File Size: 87.04 KB, 87040 bytes
MD5: 80a7c9e3e98036f771ae11b0f09e30b9
SHA1: 78dd9eab3fd7fe2f94e0a109d75771c0d54a54d0
SHA256: 562DEBD7AC04E663D1272CF8B270C8EC4625D69D02420BC6E5D3AF007D206B20
File Size: 66.05 KB, 66048 bytes
MD5: 696d47e2ee0a31e190e3ac54784f9a24
SHA1: f0a776315f89d3386304e8c7cda04e4d6cfa52a1
SHA256: F04D9471C40EA37F2084970B1E95BC7D5C9A38B4E7AE0CB58E57FE13DAEA370C
File Size: 64.51 KB, 64512 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • https://anne.network
  • Jumpmind, Inc
  • SERPRO
File Description
  • 11.0.1
  • anne-node
  • SymmetricDS Service
File Version
  • 2a68456
  • 1.0
  • 0.0.1-SNAPSHOT
Internal Name
  • anne-node
  • irpjpva-fronteira
  • sym_service
Legal Copyright
  • 2024
  • annechain
  • Copyright © 2020-2025 SERPRO. All rights reserved.
Legal Trademarks
  • SERPRO
Original Filename
  • anne-node.exe
  • SpedEcf.exe
  • sym_service.exe
Product Name
  • anne-node
  • Sped ECF
  • SymmetricDS
Product Version
  • 2a68456
  • 1.0
  • 0.0.1-SNAPSHOT

File Traits

  • x86

Block Information

Total Blocks: 312
Potentially Malicious Blocks: 1
Whitelisted Blocks: 311
Unknown Blocks: 0

Visual Map

[Visual map: one row of block markers, all 0 except a single x, the potentially malicious block, located near the start of the file.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Downloader.Agent.BTAI
  • Downloader.Agent.BTAL
  • Exploit.JD
  • Sofacy.B
  • Teslacrypt.EC

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes (NULL) RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes  RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version 141.0.3537.99 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • ShellExecute
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Manipulation Evasion
  • ReadProcessMemory

Shell Command Execution

open http://java.com/download
