Overview

overview

10

Static

static

3

Revised Pr...67.exe

windows7-x64

10

Revised Pr...67.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ae11ba12696a0d0b62c8766f2ba1f170_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240615-mwv54a1fmr

  • MD5

    ae11ba12696a0d0b62c8766f2ba1f170

  • SHA1

    f505e132d65375de5cd91c40551109d41b693896

  • SHA256

    93e00ffd1c88f8cd12a1e52d03e29e3a79e9bbb84ff21bc192f6b0d85424bbb8

  • SHA512

    999889343cf5c44aeb56ffbcc40ddff6650db67868551804613b099f6010a5476df23e62638e2c8d0a091837a5117119bf603be998cc45a4189ffd067bd6e280

  • SSDEEP

    49152:Vs0T/AbyU5dteTM9eh5EpZAXRk3lqD4nG0sAzm3TD72Es6s:q0bAbNdtkM9efEAXRcq0nNwXZC

Score
10/10
bitratpersistencetrojanupx

Malware Config

Targets

    • Target

      Revised Price Inquiry_No248102167.exe

    • Size

      1.8MB

    • MD5

      9a66d51e535e0820c7f2952c65682cff

    • SHA1

      5747e789714515f94fa61efd50fd04776299ba2a

    • SHA256

      897a44a1a5332bc964180ce5e0ee498e40929b9bb6d624f364a5be844599d757

    • SHA512

      51050d337dc495244cb74096da6b1c58e3046ba063a6f9fd62669c5faefd5358dc66482b316e42b7a458dd261603e838afded23b3ab1aab84c743c046b45b3dd

    • SSDEEP

      49152:0RCQO4+f1fDuSqZ4X9Cwir1EP6U1P23kZb5+eu/3:0KBfqf4X9CchO3kZ12P

    Score
    10/10
    bitratpersistencetrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • BitRAT payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks