General

  • Target

    a76da3ab31bd142881d3cc05b3903dba_JaffaCakes118

  • Size

    1.9MB

  • Sample

    241127-mp91nsznc1

  • MD5

    a76da3ab31bd142881d3cc05b3903dba

  • SHA1

    8b168865e07098254456c4bde49f0892e42ae2b1

  • SHA256

    84c32cb403361a5d8d8117cf941b89c6c819ac453a0e1f411eb5c2952cc35e7c

  • SHA512

    064a326303e24160ef5a27fa4843d98c1df545e5bcd077b25dfd1abd5cb7ee7a142edf4176a16ff0972ebcaada9604cd23ee14c01251c223336260669a010fff

  • SSDEEP

    24576:CjmjQcndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkziEmTxp+x:vQmXDFBU2iIBb0xY/6sUYYRLDIP

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

79.134.225.90:4898

Attributes
  • communication_password

    7fcc5163240be484c36ebae222f656b3

  • tor_process

    tor

Targets

    • Target

      a76da3ab31bd142881d3cc05b3903dba_JaffaCakes118

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Bitrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15
