General

  • Target

    b82dda4e4f447ccc662b53fe5a6f747a_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240822-szkfnavbpg

  • MD5

    b82dda4e4f447ccc662b53fe5a6f747a

  • SHA1

    18756c436949ed13a506eab8c37fc489b8823003

  • SHA256

    f033e83644b1bc006000822386e3db3c1a32b884826d012cfcb668eaf562291b

  • SHA512

    f5ef060f76dd4300450675148df9b952f7a412f6530bcdf5888d9cb0a7f76e676025c0b28744b904628b9c2a826e59be39403ca53bd4e1ac12afe65d285edf28

  • SSDEEP

    24576:SdUs9S0LJdGBbVtubwdaGSHLIG54njS2l7UxkKfPc4wjvkZB33PE1wH:7sdGOQK7wwB3M1wH

  • Score

    10/10

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

www.nexuslinx.xyz:1929

Attributes
  • communication_password

    6aa7162738d511a8f5cb6011e405d2dd

  • tor_process

    tor

Targets

    • Score

      10/10

    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks