Overview

overview

10

Static

static

3

f75083f1c6...18.exe

windows7-x64

10

f75083f1c6...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f75083f1c6ccb2d93ebc8c4e75a68e4f_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240926-cfczga1anl

  • MD5

    f75083f1c6ccb2d93ebc8c4e75a68e4f

  • SHA1

    515382bbd3ec580fcacb90eec58b3325b35de3f2

  • SHA256

    780aed5445ec80dcb2ff2d37cf6e968767055a687562d2e00e5ba6dcd7b8da37

  • SHA512

    e2fa4b4675c0a965dd1e0cab0636d1d39cb6dec7dbb6ed714b68a957c5e78f9ddf24ad7f1c8c2fde17d39da99cceb9713acf3a8c3488f2a09bdbd03ab73ebd5c

  • SSDEEP

    49152:PwlwoMfZqMrGUlnTcweWQ9PDX5MkrO8lzy7npQe3gp6mYF:Yl4IvUliLDmkrXy7neRp6

Score
10/10
bitratdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      f75083f1c6ccb2d93ebc8c4e75a68e4f_JaffaCakes118

    • Size

      2.2MB

    • MD5

      f75083f1c6ccb2d93ebc8c4e75a68e4f

    • SHA1

      515382bbd3ec580fcacb90eec58b3325b35de3f2

    • SHA256

      780aed5445ec80dcb2ff2d37cf6e968767055a687562d2e00e5ba6dcd7b8da37

    • SHA512

      e2fa4b4675c0a965dd1e0cab0636d1d39cb6dec7dbb6ed714b68a957c5e78f9ddf24ad7f1c8c2fde17d39da99cceb9713acf3a8c3488f2a09bdbd03ab73ebd5c

    • SSDEEP

      49152:PwlwoMfZqMrGUlnTcweWQ9PDX5MkrO8lzy7npQe3gp6mYF:Yl4IvUliLDmkrXy7neRp6

    Score
    10/10
    bitratdiscoverypersistencetrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • BitRAT payload

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks