General
-
Target
024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118
-
Size
3.6MB
-
Sample
240727-3a8r3atgjl
-
MD5
024a2b33f4a43ab679b44f1b9bcb6bcc
-
SHA1
f154baff6d0e53d0f40ca49db29d911ec3231a8f
-
SHA256
4ad56ad56865d9c280cdff0b03a69b51a36a032847ee7d7bc62b8aecb0b6981c
-
SHA512
5b8d0e9605e929763ccbe286d4c63f3c12b0338cbcd1fcff301482de45c9f3d2e9240fab5f54179685a2c856a24af03c2fec4c6969070698d7da2b099b5c08a4
-
SSDEEP
49152:CxHSYI6JgG2BvvPG8i51PFZgBciXPFKz+cWvjVrKJczGdcN:+SYI6JgGkv3G8i5ZFZJiXPFOSp3zs
Malware Config
Targets
-
-
Target
024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118
-
Size
3.6MB
-
MD5
024a2b33f4a43ab679b44f1b9bcb6bcc
-
SHA1
f154baff6d0e53d0f40ca49db29d911ec3231a8f
-
SHA256
4ad56ad56865d9c280cdff0b03a69b51a36a032847ee7d7bc62b8aecb0b6981c
-
SHA512
5b8d0e9605e929763ccbe286d4c63f3c12b0338cbcd1fcff301482de45c9f3d2e9240fab5f54179685a2c856a24af03c2fec4c6969070698d7da2b099b5c08a4
-
SSDEEP
49152:CxHSYI6JgG2BvvPG8i51PFZgBciXPFKz+cWvjVrKJczGdcN:+SYI6JgGkv3G8i5ZFZJiXPFOSp3zs
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
BitRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-