General
-
Target
e94eb478945c8fcdb013eb50b79d1321_JaffaCakes118
-
Size
2.3MB
-
Sample
240409-fy6w2sba9s
-
MD5
e94eb478945c8fcdb013eb50b79d1321
-
SHA1
b65fb19afec78dcc298adb893db5708cc29554a8
-
SHA256
d58af9378246ebe61a0e340e9a49278977af657d2accb308fe8ef5a6c858a89e
-
SHA512
d9e7980f7fd49fe0a1589ac1eab216f3adb95b447d12e1cf6b0cd5802132083df7083bda47aada6b9251038f7b521997750f4eadd7f66496a6d3fc6ae9669ebc
-
SSDEEP
49152:YfwxBPBDa07kULthVm1/nIFwxVP6lClZnQBdjN0AkQcYAz:YfwfPBjvm/nIFwxEliQBdjNXkh
Malware Config
Extracted
bitrat
1.38
109.70.236.80:53166
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
tor
Targets
-
-
Target
e94eb478945c8fcdb013eb50b79d1321_JaffaCakes118
-
Size
2.3MB
-
MD5
e94eb478945c8fcdb013eb50b79d1321
-
SHA1
b65fb19afec78dcc298adb893db5708cc29554a8
-
SHA256
d58af9378246ebe61a0e340e9a49278977af657d2accb308fe8ef5a6c858a89e
-
SHA512
d9e7980f7fd49fe0a1589ac1eab216f3adb95b447d12e1cf6b0cd5802132083df7083bda47aada6b9251038f7b521997750f4eadd7f66496a6d3fc6ae9669ebc
-
SSDEEP
49152:YfwxBPBDa07kULthVm1/nIFwxVP6lClZnQBdjN0AkQcYAz:YfwfPBjvm/nIFwxEliQBdjNXkh
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-