General

  • Target

    14444c9c5db1ea8697998809b388650c_JaffaCakes118

  • Size

    3.3MB

  • Sample

    240329-a55pnsda4s

  • MD5

    14444c9c5db1ea8697998809b388650c

  • SHA1

    3e2c4b015ea01f502678cac5d1aeac5044b2dc34

  • SHA256

    b7e5029d6258a083904d38b575acd8eee6d49226a7c12282542cd8462320dea6

  • SHA512

    64c0631b0f8f0e41843befb43cd9e99ab91a6409b71a2864b312a534a65669003e35414231b4b55eb4afad490c9eefd693182088eadb5e45c809efb9da26c744

  • SSDEEP

    98304:eEAu0XsEpAZQKRjXrNELnnU/T24+daUZ8:Eu0cxaKRjbNELOax

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

madehamozza.ddns.net:1234

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

    • Virtualization/Sandbox Evasion: T1497 (2 matches)

Discovery

    • Query Registry: T1012 (3 matches)

    • Virtualization/Sandbox Evasion: T1497 (2 matches)

    • System Information Discovery: T1082 (1 match)

Tasks