Overview

overview

10

Static

static

3

b82dda4e4f...18.exe

windows7-x64

10

b82dda4e4f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2024 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b82dda4e4f447ccc662b53fe5a6f747a_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    b82dda4e4f447ccc662b53fe5a6f747a

  • SHA1

    18756c436949ed13a506eab8c37fc489b8823003

  • SHA256

    f033e83644b1bc006000822386e3db3c1a32b884826d012cfcb668eaf562291b

  • SHA512

    f5ef060f76dd4300450675148df9b952f7a412f6530bcdf5888d9cb0a7f76e676025c0b28744b904628b9c2a826e59be39403ca53bd4e1ac12afe65d285edf28

  • SSDEEP

    24576:SdUs9S0LJdGBbVtubwdaGSHLIG54njS2l7UxkKfPc4wjvkZB33PE1wH:7sdGOQK7wwB3M1wH

Score
10/10
bitratdiscoverytrojan

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

www.nexuslinx.xyz:1929

Attributes
  • communication_password

    6aa7162738d511a8f5cb6011e405d2dd

  • tor_process

    tor

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b82dda4e4f447ccc662b53fe5a6f747a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b82dda4e4f447ccc662b53fe5a6f747a_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1772
    • C:\Windows\SysWOW64\ipconfig.exe
      "C:\Windows\system32\ipconfig.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Gathers network information
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:3364
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe"
        3⤵
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:9176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SpendInadvertency32
    Filesize

    41B

    MD5

    56b83f70f14a4b518cb633b432a093f8

    SHA1

    1adf1d4a4da39fa5be5c0f66ff98d95b52e7e0d6

    SHA256

    e5fcd75c3dd2563bc503d34e3228cb53129639fcc096c715bcb75c51cee1c4e8

    SHA512

    ab545916f15192d2699800cbdb4d495f7b2e59a696629ae2bbaf0d59d2f24ea77c44d2a92f211972b4842a745fdd3130966ea78424d6813c30205a231ecdd15e

    Download Submit

  • memory/1772-27141-0x0000000000320000-0x000000000032B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1772-27143-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1772-27144-0x0000000000400000-0x0000000000581000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1772-27145-0x0000000000320000-0x000000000032B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1772-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3364-27154-0x0000000016310000-0x00000000166E9000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3364-27142-0x0000000000090000-0x0000000000092000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3364-27148-0x0000000000230000-0x0000000000238000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3364-27149-0x0000000016310000-0x00000000166E9000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27159-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27169-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27153-0x0000000000090000-0x0000000000098000-memory.dmp

    Filesize

    32KB

    Download

  • memory/9176-27158-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27152-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27165-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27166-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27167-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27168-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27151-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27170-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27172-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27171-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27173-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27174-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27175-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27176-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27177-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/9176-27178-0x0000000000400000-0x00000000007CE000-memory.dmp

    Filesize

    3.8MB

    Download