General
-
Target
5c96d21fe8da2f665c3ad6d71b174c71_JaffaCakes118
-
Size
5.6MB
-
Sample
241019-phsh6axeqj
-
MD5
5c96d21fe8da2f665c3ad6d71b174c71
-
SHA1
96b8843194e2c4235e64e1c85553141925293511
-
SHA256
5830318c33e7c928ba5c7adff510100e34f04672df3ce534864e9b1cef5eb82b
-
SHA512
d8ff50437e376f494fba9aa051a4ef4fb88a089183454cef1825bed37db975403d822162c0288eef0281f5459bffc7568f9a2239071cf0940a31692a322d5bd1
-
SSDEEP
98304:vyZ3LRUXR9GPj9rbdajRbINHkOeY7i8mRMoRLVkGqIf/m4BQ9K+3t2tVlsT/jCSc:vyZ3LRUXrATkItkOEbZL29K/t+K+QsT8
Malware Config
Targets
-
-
Target
5c96d21fe8da2f665c3ad6d71b174c71_JaffaCakes118
-
Size
5.6MB
-
MD5
5c96d21fe8da2f665c3ad6d71b174c71
-
SHA1
96b8843194e2c4235e64e1c85553141925293511
-
SHA256
5830318c33e7c928ba5c7adff510100e34f04672df3ce534864e9b1cef5eb82b
-
SHA512
d8ff50437e376f494fba9aa051a4ef4fb88a089183454cef1825bed37db975403d822162c0288eef0281f5459bffc7568f9a2239071cf0940a31692a322d5bd1
-
SSDEEP
98304:vyZ3LRUXR9GPj9rbdajRbINHkOeY7i8mRMoRLVkGqIf/m4BQ9K+3t2tVlsT/jCSc:vyZ3LRUXrATkItkOEbZL29K/t+K+QsT8
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
BitRAT payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-