General
-
Target
8999d98d25e37a2e2273d8ae88137e7d_JaffaCakes118
-
Size
2.2MB
-
Sample
240811-jtmt6a1fkr
-
MD5
8999d98d25e37a2e2273d8ae88137e7d
-
SHA1
6230a6b8c42ba5dceb6bd331239d4e6ba5f74f8e
-
SHA256
be2a4d827c93a657161aba979c162fc390c0f9193b11fefc3dab9fe8cf03e110
-
SHA512
95b7f185f18f09cee8cbb6a163d2846d6f4445c72cfd9394553d89d6347440a58531304e484903eb63c76baa4375c86df1bc7d9bcfaf584f206d46a763571c4e
-
SSDEEP
49152:rYBmOuoX4kn2po7rdrhNu5HjHyQhojw8p/R3nsQ7ra3oF6QlNWOJOcUr:rYBmOWJ2SJo3NsQkoPoOJM
Malware Config
Targets
-
-
Target
8999d98d25e37a2e2273d8ae88137e7d_JaffaCakes118
-
Size
2.2MB
-
MD5
8999d98d25e37a2e2273d8ae88137e7d
-
SHA1
6230a6b8c42ba5dceb6bd331239d4e6ba5f74f8e
-
SHA256
be2a4d827c93a657161aba979c162fc390c0f9193b11fefc3dab9fe8cf03e110
-
SHA512
95b7f185f18f09cee8cbb6a163d2846d6f4445c72cfd9394553d89d6347440a58531304e484903eb63c76baa4375c86df1bc7d9bcfaf584f206d46a763571c4e
-
SSDEEP
49152:rYBmOuoX4kn2po7rdrhNu5HjHyQhojw8p/R3nsQ7ra3oF6QlNWOJOcUr:rYBmOWJ2SJo3NsQkoPoOJM
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
BitRAT payload
-
Modifies WinLogon for persistence
-
Drops startup file
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1