General
-
Target
31db72bcc1cd98d69e9b91a63b061c0e_JaffaCakes118
-
Size
1.4MB
-
Sample
241010-z336hasdrk
-
MD5
31db72bcc1cd98d69e9b91a63b061c0e
-
SHA1
c84563b56088acb3c1bd9435bb264576509285a1
-
SHA256
b610d1ae855f79028cabdbd3c1160bc330ef68a7f30ab5544d00b09af341cc68
-
SHA512
415cfbbbb3d459061679cf15cc74bd9a45af2935624466e6f2d163693543475354fd200ba01a1bfd84979ea6e10a0c5e7dc6b771cfaf5380a8f9dea8138d898f
-
SSDEEP
24576:DndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkzgZ3y9uunqP:LXDFBU2iIBb0xY/6sUYY5ZC9n0
Malware Config
Extracted
bitrat
1.38
microupdate.securitytactics.com:9999
-
communication_password
d9909824688daaad46d441eefd81eb38
-
install_dir
Solitare
-
install_file
NRT.exe
-
tor_process
tor
Targets
-
-
Target
31db72bcc1cd98d69e9b91a63b061c0e_JaffaCakes118
-
Size
1.4MB
-
MD5
31db72bcc1cd98d69e9b91a63b061c0e
-
SHA1
c84563b56088acb3c1bd9435bb264576509285a1
-
SHA256
b610d1ae855f79028cabdbd3c1160bc330ef68a7f30ab5544d00b09af341cc68
-
SHA512
415cfbbbb3d459061679cf15cc74bd9a45af2935624466e6f2d163693543475354fd200ba01a1bfd84979ea6e10a0c5e7dc6b771cfaf5380a8f9dea8138d898f
-
SSDEEP
24576:DndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkzgZ3y9uunqP:LXDFBU2iIBb0xY/6sUYY5ZC9n0
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-