General

  • Target

    188ea6da222629732fd7ec7e22f7cd3b_JaffaCakes118

  • Size

    6.2MB

  • Sample

    240628-dkn3za1ajr

  • MD5

    188ea6da222629732fd7ec7e22f7cd3b

  • SHA1

    1e9d81e4b41ca5fb4eb4cbb442c183fd4783c6ec

  • SHA256

    9a0a5ca2046e116e4e4c4c3afabfa11be5931f85b18df2732a26be06bf418f0f

  • SHA512

    4634a0e87524d14f3204f5d585d26225258762cc4bc57d043e0bf4fc8f57a6b623649a03690956626b721f04aa8f191bc158d3572c1688d2c28152c790d57ace

  • SSDEEP

    98304:xmBa4AnQ0WOpalZxd/9hMuP8WMLmuZKVSr6ZlDs6XnUbJp5KysMS04ESFtvbcI6T:x0oQ0WOpCZBxPukVSGqX5KyJ4ESjcIg

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

2.56.212.226:1995

Attributes
  • communication_password

    a76d949640a165da25ccfe9a8fd82c8a

  • install_dir

    DiagnosticPerfos

  • install_file

    DiagnosticPerformer.exe

  • tor_process

    tor

Targets

    • Target

      188ea6da222629732fd7ec7e22f7cd3b_JaffaCakes118

    • Size

      6.2MB

    • MD5

      188ea6da222629732fd7ec7e22f7cd3b

    • SHA1

      1e9d81e4b41ca5fb4eb4cbb442c183fd4783c6ec

    • SHA256

      9a0a5ca2046e116e4e4c4c3afabfa11be5931f85b18df2732a26be06bf418f0f

    • SHA512

      4634a0e87524d14f3204f5d585d26225258762cc4bc57d043e0bf4fc8f57a6b623649a03690956626b721f04aa8f191bc158d3572c1688d2c28152c790d57ace

    • SSDEEP

      98304:xmBa4AnQ0WOpalZxd/9hMuP8WMLmuZKVSr6ZlDs6XnUbJp5KysMS04ESFtvbcI6T:x0oQ0WOpCZBxPukVSGqX5KyJ4ESjcIg

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks