Extracted

• • Target

    JaffaCakes118_5730f17fceb0f2fdd132677517c03ff0

  • Size

    9.4MB

  • MD5

    5730f17fceb0f2fdd132677517c03ff0

  • SHA1

    ed9f14f7438d4ad45904bb5721d4f9712f66bdc1

  • SHA256

    78751dd14a37b8dd074c9dc6e8fa18693e41ac2d663652e76616188d1f5131dc

  • SHA512

    7bee65139c270673ed7ca7276acee4df30285943f6d08616b6e3f04e544b0eb7f50d1a9b508b33d20434c24ab6d2ad345b91159bbf69e60b56ad98bb6f1c874f

  • SSDEEP

    196608:26xqZc05LWdl1Z+UwN6E3wmnymNk+tacjMcqY55s/ck:/qZc0mvZ+ScorY55s/ck

  Score

  10^/10

  babadedabitratcrypterdiscoveryloadertrojan

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda

  • Babadeda Crypter

  • Babadeda family

    babadeda

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Bitrat family

    bitrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2