General

  • Target

    10a85509c4d5e93a689f543d3f8fd3ee_JaffaCakes118

  • Size

    5.3MB

  • Sample

    240626-elscfstepd

  • MD5

    10a85509c4d5e93a689f543d3f8fd3ee

  • SHA1

    65baefe2d021ce87d5a5e585551b128d65f07bb6

  • SHA256

    a777e0372a1a9202b89bc4528c03223e064b0e3db71559041fd884a6daed57c3

  • SHA512

    93aeaa06574a35b9aaebc40736f577aa296a95a1ead2efa198fe7843e09ae094ba1b2426cf7620e2423614b78836030393bd786b3a3eb3b6c939ea25d374e542

  • SSDEEP

    98304:Ut/jaS/6AIPAHtE6gcvpVNPEpSY4wS7HN8NFXeNem3gcCRVI+R3T5OH5YoqHSWp+:OaS4o+dcLNPEpSTzNyXsem3It3Tbc0+

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

185.157.161.104:65312

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor

Targets

    • Target

      Codes.exe

    • Size

      6.4MB

    • MD5

      e20a92ba803ccdce1a2508542816f047

    • SHA1

      803131e516784cff0cb6ad6e6b5cb29bc39092b9

    • SHA256

      db7619d7304cbb9c7ad4bf8c74836f241aecac1fda067f3ffadadf7ee6d44930

    • SHA512

      72329831d13bf15f193af74ee558c5c391ff87dfc77132da533e67f8b16f0d43c16f6ecc6a2a24b3aff9d5b1263ecbfffa0057aadbefd1b2c28b8f8193494ccf

    • SSDEEP

      196608:IqWzFJ74xQUlQDIpa86HyHp9tQ0Nirvk2qSxHyzd3kn:IqWzR6aPC9tHi/qS1yyn

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks