Overview

overview

10

Static

static

10

fb46a7fb71...18.exe

windows7-x64

10

fb46a7fb71...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb46a7fb710bb84d274bd77993a094a2_JaffaCakes118

  • Size

    3.8MB

  • Sample

    240419-13vd2agg76

  • MD5

    fb46a7fb710bb84d274bd77993a094a2

  • SHA1

    85670ac8a45a4c12983e282e3f4343d98aa460c8

  • SHA256

    6548ac6fe1d508fddbcc21c79f64419986982826f2251aa7e664c08c076bf4dd

  • SHA512

    e2c341d648eb45cc356160a74729531691763186a539167e15c7694e67c1932eb4512f65b4edfb7f4ff1d46bfdc3a3b5b0c8313da4f016fa627a315a158d7884

  • SSDEEP

    98304:X77Pmq33rE/JDLPWZADUGer7B6iY74M/SmlwXVZ:f+R/eZADUXR

Score
10/10
bitrattrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

eter102.dvrlists.com:3050

Attributes
  • communication_password

    fea0f7015af40ae69a386f06f28a8d31

  • tor_process

    tor

Targets

    • Target

      fb46a7fb710bb84d274bd77993a094a2_JaffaCakes118

    • Size

      3.8MB

    • MD5

      fb46a7fb710bb84d274bd77993a094a2

    • SHA1

      85670ac8a45a4c12983e282e3f4343d98aa460c8

    • SHA256

      6548ac6fe1d508fddbcc21c79f64419986982826f2251aa7e664c08c076bf4dd

    • SHA512

      e2c341d648eb45cc356160a74729531691763186a539167e15c7694e67c1932eb4512f65b4edfb7f4ff1d46bfdc3a3b5b0c8313da4f016fa627a315a158d7884

    • SSDEEP

      98304:X77Pmq33rE/JDLPWZADUGer7B6iY74M/SmlwXVZ:f+R/eZADUXR

    Score
    10/10
    bitrattrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks