General

  • Target

    420e88e90e3407586f40e136a30a04ae_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240330-xlgj3ada23

  • MD5

    420e88e90e3407586f40e136a30a04ae

  • SHA1

    e673ba46564e057f4961612a7c95636368ede324

  • SHA256

    ca4744fdad8ea57a09b0fe0e09be4e90fcfcfd923708ec8546c3c4ba009b8839

  • SHA512

    ba2d1c4f193886a75e3a6f2950806262c2697dced0908ab3a2deab4f4ff41f675ec70bdbc2f843ff3f57557191f39d435d5e8cdd7ae12c252c359dc3c7b8baed

  • SSDEEP

    49152:fjr8QuQLqpb0/udMUNPlam4t1Uyru4YNsbN:fnhuQWb0/uWUNPlL4t1dNYUN

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

eewe.ddns.net:2880

Attributes
  • communication_password

    b18aba2f7c3bf981f4caba4a41e6b205

  • tor_process

    tor

Targets

    • Target

      07-20-21INVOICES.exe

    • Size

      1.7MB

    • MD5

      bdcdb05af6a2ac95bb13857ab6b6debc

    • SHA1

      93999f28d1c8391d60830be5202233b63db93301

    • SHA256

      09df08b715bf11a0bc6cb5cdc5cd724927ba6c6a18ca2896f153d9b424196767

    • SHA512

      7a25c9768a0181bf3000c56d8f739a1835aa9114761a20e7d8ed21318467556acc26e183e832b907122fe2f2c32ab1750ccb3d016a2abead43955ad7050f73e5

    • SSDEEP

      49152:7jr8QuQLqpb0/udMUNPlam4t1Uyru4YNsbN:7nhuQWb0/uWUNPlL4t1dNYUN

    Score
    10/10

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
