General

  • Target

    d179fb1a173a8da2155ef32c99daafb6_JaffaCakes118

  • Size

    3.3MB

  • Sample

    240907-j56fmsthqa

  • MD5

    d179fb1a173a8da2155ef32c99daafb6

  • SHA1

    cd9e32f6a3f3d1f6219ddc7c878674146bf03650

  • SHA256

    f6bf8be76ab0deedb26fccd13d1f7c6bc1b308497481c663ee771f6860087a0f

  • SHA512

    13f6292bbba11db0a8f34ad3e161a799fdcfaa16a22c09eae309886407a1cde7c053421bbce1fba5f9cca8bda0050f2bc9e39b3fac1831c0d79252994afad56a

  • SSDEEP

    49152:rkurFak8RRH+OgDDWkDec8fC0ipXcBpgh/lm6W3bgeRWk+A73JsHfbCqXi55dXBS:rN8eOQWfbC02Xcfa/lmZbiqNrXg8cJ

Score
10/10

Targets

    • Target

      d179fb1a173a8da2155ef32c99daafb6_JaffaCakes118

    • BitRAT

      BitRAT is a remote access tool written in C++ that uses leaked source code from other families.

    • BitRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
