General
-
Target
800a72a1b10482664128955fd3878dd5_JaffaCakes118
-
Size
4.3MB
-
Sample
240801-ltsrhsvbln
-
MD5
800a72a1b10482664128955fd3878dd5
-
SHA1
c8bb5f18dfd9ffb397c3e2615b8494c9ac858b14
-
SHA256
2a976682956855209a0d5e49d5c40f0d98ff85bd0e91c6b57f58e5151af42557
-
SHA512
d42d51205b9f4591a3b06c47fdf0b0e6836ce65c69da8f72e596a66c3c69d095c4e4b01e10ef96ec62560bae64d62d121a9689a435651d78a2b639d0e5db5341
-
SSDEEP
98304:12kBmhP9BU5yJcRzLU85bn9yLCJkkAiQpElkjZSYGoYK2fqWIpHV+wcgd9KEGzPc:wPwCCN5QLCJBAiQpElkjYY6K2oVSczG
Malware Config
Extracted
bitrat
1.34
185.157.162.234:54262
-
communication_password
2bb232c0b13c774965ef8558f0fbd615
-
tor_process
tor
Targets
-
-
Target
800a72a1b10482664128955fd3878dd5_JaffaCakes118
-
Size
4.3MB
-
MD5
800a72a1b10482664128955fd3878dd5
-
SHA1
c8bb5f18dfd9ffb397c3e2615b8494c9ac858b14
-
SHA256
2a976682956855209a0d5e49d5c40f0d98ff85bd0e91c6b57f58e5151af42557
-
SHA512
d42d51205b9f4591a3b06c47fdf0b0e6836ce65c69da8f72e596a66c3c69d095c4e4b01e10ef96ec62560bae64d62d121a9689a435651d78a2b639d0e5db5341
-
SSDEEP
98304:12kBmhP9BU5yJcRzLU85bn9yLCJkkAiQpElkjZSYGoYK2fqWIpHV+wcgd9KEGzPc:wPwCCN5QLCJBAiQpElkjYY6K2oVSczG
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-