General
- Target: JaffaCakes118_0d707cfae27b01387e73b3067434a777
- Size: 2.1MB
- Sample: 250604-mm9l5agm4v
- MD5: 0d707cfae27b01387e73b3067434a777
- SHA1: edeeda55685cba04e00b4a7a7c6c868d6a377102
- SHA256: f0d005d977c0c00c775d92ce4fd5a7a91a17622f82537afdba2ea67d7dc2d1f0
- SHA512: 21629e8b64b660ad2a16fdb855dbb065a1c5cef13b62a74b8e999bdbd9045156ae623bd50bec3322ad653489e11082f8a36329631d2b3247feb2d0ad5ff6058e
- SSDEEP: 49152:sIoT8uc0tbybWKQpP5urP+qTQNYwgTjargCojh2NT:sdTJySXPZLRrgCoWT
Static task: static1

Malware Config
Extracted
- Family: bitrat
- Version: 1.38
- C2: firewall.publicvm.com:25874
- communication_password: a20ba4fb329f7dc66c0dd3562e9f9984
- tor_process: tor
Targets
- Target: JaffaCakes118_0d707cfae27b01387e73b3067434a777
- Bitrat family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v16
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)