General
-
Target
0d608561f2cd7fbe41b08f9a5a01228f_JaffaCakes118
-
Size
2.7MB
-
Sample
241003-caqndaycnl
-
MD5
0d608561f2cd7fbe41b08f9a5a01228f
-
SHA1
0b1ce4bde66214d64ebf50d9c7491ee933ffee64
-
SHA256
6447cac73ac33854ef0f940ef37b0ab07f9b6852d6e93b16cfc821e6a2c8756c
-
SHA512
d47fc5852fcb50c2c354d5871386ef226e3e6ce3fa3d5b0bca029fd229656daf24ca84953c2f15c98f67b9b211d3d51ef0712a738492c9e51d9d27d8a993870f
-
SSDEEP
49152:axO686ZUfB9XkR9RBXk5JioQrgzgvuwQFop0XF0UEoIyjT2/:axO686ifC9c5EszgvuwQFop9ToIyj6
Malware Config
Extracted
bitrat
1.38
jairoandresotalvarorend.linkpc.net:9083
-
communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
-
install_dir
winlogomwindefenders
-
install_file
winlogomwindefender.exe
-
tor_process
tor
Targets
-
-
Target
0d608561f2cd7fbe41b08f9a5a01228f_JaffaCakes118
-
Size
2.7MB
-
MD5
0d608561f2cd7fbe41b08f9a5a01228f
-
SHA1
0b1ce4bde66214d64ebf50d9c7491ee933ffee64
-
SHA256
6447cac73ac33854ef0f940ef37b0ab07f9b6852d6e93b16cfc821e6a2c8756c
-
SHA512
d47fc5852fcb50c2c354d5871386ef226e3e6ce3fa3d5b0bca029fd229656daf24ca84953c2f15c98f67b9b211d3d51ef0712a738492c9e51d9d27d8a993870f
-
SSDEEP
49152:axO686ZUfB9XkR9RBXk5JioQrgzgvuwQFop0XF0UEoIyjT2/:axO686ifC9c5EszgvuwQFop9ToIyj6
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-