General

  • Target

    9aab20d98851ad1551512cfa4a451919_JaffaCakes118

  • Size

    4.4MB

  • Sample

    240815-tefseavdjr

  • MD5

    9aab20d98851ad1551512cfa4a451919

  • SHA1

    b8b8e9b0b4003543519c5eb793d75d6b43d87e68

  • SHA256

    a713e82b257e6893260e4a0a2abf2f87c50ad92375252d695423f3f21cb02020

  • SHA512

    067700259fabcf353f73b872250a7ddb3f4e5e61e1c7df2b32603443c940032934a2ff881b894a9dc24d6e125f70ed712b1e4bb40d4c9d8682a7518f69b3e6e8

  • SSDEEP

    98304:LbVzn8w6ASFT/ONlEJZU2iNXs2ywzJSZVFMetAPu2rWMqktOJbcYGN:LRFSVKEJZUpNXSwg1tAPu2li1cYi

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

194.5.98.37:4898

Attributes
  • communication_password

    f830115cf81c3c3986d8ea87902cea65

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ that incorporates leaked source code from other malware families.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks