bitrat | 9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118

Resubmissions

11-04-2024 11:14

240411-nb5z8sdd7y 10

11-04-2024 11:14

11-04-2024 11:14

11-04-2024 11:14

11-04-2024 11:14

09-04-2024 03:54

09-04-2024 03:53

09-04-2024 03:53

09-04-2024 03:53

03-04-2024 00:16

Sharing

Copy URL

Twitter E-mail

General

Target

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118
Size

7.6MB
MD5

9b035bad2b8a21fb2c57fd784c89b8d5
SHA1

ee15fad65f3f22df7f54e218176c45d369ebb70f
SHA256

2d49873798ab5ee10992f377ebb27ee940b1f354b9ec4ebebe687177ea2b214c
SHA512

96c0189aba67db2f1c38affa5ac44665566ea17e20e5f749aef771739c81beb96bbcac8ea35aad80cffc9d492e23fcbaefbf03f72011d9bd1ccac36182466dde
SSDEEP

196608:imEljesxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQUDxtw3iFFrS6XOfTV73cP:balxwZ6v1CPwDv3uFteg2EeJUO9WLjD/

Score

10^/10

bitrat

Malware Config

Extracted

Family

bitrat

Version

1.32

7ix5nfolcp4ta4mk2dtihev73rw7d2edpbd5tp7sf7zgmpv66fpxnwqd.onion:80

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
dllhost

Signatures

BitRAT payload 1 IoCs

Processes:

resource yara_rule

sample family_bitrat
Bitrat family
bitrat

resource	yara_rule
sample	family_bitrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118

Files

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ee29d956202a00089af753de40f7f116

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
PostQueuedCompletionStatus
FormatMessageW
GetLastError
SetEvent
TlsAlloc
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
TlsFree
FormatMessageA
CreateEventA
GetCurrentProcess
GetSystemTimes
GetTickCount64
GetProcessTimes
SetWaitableTimer
TlsSetValue
SetLastError
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForSingleObject
GetModuleHandleA
CreateEventW
MultiByteToWideChar
TerminateThread
QueueUserAPC
GetProcAddress
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
GetSystemTimeAsFileTime
CreateIoCompletionPort
CreateDirectoryW
ReadFile
SizeofResource
QueryDosDeviceW
GetVolumeInformationW
FindFirstFileW
WriteProcessMemory
FindFirstFileExW
SetPriorityClass
VirtualFree
GetFullPathNameW
FindNextFileW
lstrlenW
Wow64DisableWow64FsRedirection
GetSystemDefaultUILanguage
GetDiskFreeSpaceW
VirtualAlloc
TerminateProcess
GetModuleFileNameW
GetUserDefaultLocaleName
GetProcessId
K32GetModuleFileNameExW
GetProductInfo
Thread32Next
GetTempPathW
CreateMutexW
Thread32First
FindClose
GetLocaleInfoW
CreateFileW
GetFileAttributesW
GetVersionExW
K32GetProcessImageFileNameW
SuspendThread
GetSystemDirectoryW
ResumeThread
lstrcatA
OpenProcess
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
Sleep
Process32NextW
K32GetProcessMemoryInfo
CreateFileA
GetCurrentThread
LoadLibraryA
LockResource
GlobalAlloc
Process32FirstW
GlobalFree
GetNativeSystemInfo
GetSystemInfo
FindResourceExW
LoadResource
FindResourceW
GetThreadContext
GetPriorityClass
GlobalLock
VirtualAllocEx
MoveFileExW
GetFileSize
ExitProcess
ReadProcessMemory
GetComputerNameW
FindFirstStreamW
GetCurrentProcessId
SystemTimeToFileTime
GlobalMemoryStatusEx
CreateProcessW
WinExec
QueryFullProcessImageNameW
CreateProcessA
DebugBreak
SetThreadContext
FindNextStreamW
GetTickCount
GlobalUnlock
GetDriveTypeW
GetFileTime
OpenThread
GetExitCodeProcess
Beep
WriteFile
CreatePipe
PeekNamedPipe
GetStartupInfoA
SetThreadPriority
GetCurrentThreadId
lstrcpyA
CreateThread
CreateTimerQueueTimer
VirtualProtect
GetCommandLineW
DeviceIoControl
GetModuleHandleW
IsDebuggerPresent
CreateTimerQueue
EncodePointer
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetStringTypeW
GetCPInfo
CompareStringW
LCMapStringW
OutputDebugStringW
ResetEvent
ReleaseSemaphore
OpenEventA
GetLogicalProcessorInformation
GetCurrentDirectoryW
DeleteFileW
RemoveDirectoryW
CreateDirectoryExW
GetFileSizeEx
GetFileType
GetStdHandle
GetSystemTime
InitializeCriticalSection
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RegisterWaitForSingleObject
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
LoadLibraryW
SignalObjectAndWait
SwitchToThread
GetThreadPriority
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
RtlUnwind
SetConsoleCtrlHandler
ExitThread
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
WriteConsoleW
SetEnvironmentVariableA
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
GetTimeZoneInformation
ReadConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualQuery
LoadLibraryExA

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 669KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

ee29d956202a00089af753de40f7f116

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 595KB - Virtual size: 594KB

.data Size: 669KB - Virtual size: 696KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 595KB - Virtual size: 594KB

.data
Size: 669KB - Virtual size: 696KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4.0MB - Virtual size: 4.0MB