General

  • Target

    JaffaCakes118_0e041344aaeb096952b7e4b0a2e721fc

  • Size

    1.6MB

  • Sample

    250605-d3anasdl9t

  • MD5

    0e041344aaeb096952b7e4b0a2e721fc

  • SHA1

    c76dfcd4e31206d1c8e3ad3c669dfe994f1d0cad

  • SHA256

    bf967ed0d22d5cc4d371eb8fcfa8fb305f5cac7147910b13e97a661419200c47

  • SHA512

    7cce3dc5b14bc0a1c4f121caf212515c678c97642eab744ef74241839a67014f06688f811b0428e4b3dcbbac392c45619062c01d07ae4ab1040888d31def9214

  • SSDEEP

    49152:L+BayMAxd0Gcm1g4JglIKHgP89nixtKmSe:LksAxd0GcwgpgE9nKSe

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

rogerferer.ddns.net:5000

Attributes
  • communication_password

    6acb084470c0a8bdf431d5427d1f29bc

  • tor_process

    tor
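
The extracted configuration above gives a practitioner two things to hunt with: the file hashes and the C2 endpoint. The following is an added example, not part of the sandbox report or of any BitRAT tooling; it copies the IOC values from this page into a small Python helper that confirms a candidate file against the report's hashes, splits the C2 string into host and port, and runs a hostname-then-resolved-address match over log lines. The log lines and their format are constructed for the example and are not from the report.

```python
"""IOC helpers for the BitRAT configuration extracted on this page.

Added example, not part of the sandbox report. The IOC values are copied
from the report; the log lines below are constructed for illustration.
"""
import hashlib
import re

# Values taken from the "Malware Config" section of this page.
BITRAT_CONFIG = {
    "family": "bitrat",
    "version": "1.38",
    "c2": "rogerferer.ddns.net:5000",
    "communication_password": "6acb084470c0a8bdf431d5427d1f29bc",
    "tor_process": "tor",
}

# File hashes of the analysed sample, also taken from the report.
SAMPLE_HASHES = {
    "md5": "0e041344aaeb096952b7e4b0a2e721fc",
    "sha1": "c76dfcd4e31206d1c8e3ad3c669dfe994f1d0cad",
    "sha256": "bf967ed0d22d5cc4d371eb8fcfa8fb305f5cac7147910b13e97a661419200c47",
}

# Log-line patterns for the constructed log format used in SAMPLE_LOGS:
# "dns answer <name> -> <ip>" and "conn <src>:<port> -> <dst>:<port>".
ANSWER_RE = re.compile(r"->\s*(\d{1,3}(?:\.\d{1,3}){3})\b")
CONN_RE = re.compile(r"->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\b")


def parse_c2(c2):
    """Split a 'host:port' C2 string into (host, port)."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def hash_file_bytes(data):
    """Compute every digest listed in SAMPLE_HASHES for the given bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data):
    """True only if every listed digest of `data` equals the report's value."""
    digests = hash_file_bytes(data)
    return all(digests[k] == v for k, v in SAMPLE_HASHES.items())


def find_c2_hits(log_lines, c2=BITRAT_CONFIG["c2"]):
    """Return (line_number, reason) for lines that touch the C2.

    A hostname match is reported directly. Addresses the C2 name resolved
    to are remembered so that later connection records, which carry only
    an IP, can be tied back to it. A bare port-5000 connection to an
    unrelated address is deliberately not flagged: 5000/tcp is common for
    legitimate services and would be noisy on its own.
    """
    host, port = parse_c2(c2)
    host_re = re.compile(r"(?<![\w.-])" + re.escape(host) + r"(?![\w-])", re.I)
    resolved = set()
    hits = []
    for n, line in enumerate(log_lines, 1):
        if host_re.search(line):
            resolved.update(ANSWER_RE.findall(line))
            hits.append((n, "c2 hostname"))
            continue
        m = CONN_RE.search(line)
        if m and m.group(1) in resolved and int(m.group(2)) == port:
            hits.append((n, "connection to resolved c2 address %s:%d" % (m.group(1), port)))
    return hits


# Constructed sample log lines (not from the report); the 203.0.113.0/24
# and 198.51.100.0/24 ranges are documentation addresses.
SAMPLE_LOGS = [
    "2025-06-05T12:00:01Z dns query A rogerferer.ddns.net from 10.0.0.12",
    "2025-06-05T12:00:01Z dns answer rogerferer.ddns.net -> 203.0.113.7",
    "2025-06-05T12:00:02Z conn 10.0.0.12:51422 -> 203.0.113.7:5000 tcp",
    "2025-06-05T12:00:03Z dns query A updates.example.com from 10.0.0.12",
    "2025-06-05T12:00:04Z conn 10.0.0.12:51423 -> 198.51.100.4:5000 tcp",
]

if __name__ == "__main__":
    for line_no, reason in find_c2_hits(SAMPLE_LOGS):
        print(line_no, reason)
```

The C2 is a dynamic-DNS name, so the address it resolves to can change between runs; matching on the hostname first and only then pivoting to the resolved address keeps the detection tied to the indicator the report actually gives.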

Targets

    • Target

      JaffaCakes118_0e041344aaeb096952b7e4b0a2e721fc

    • Size

      1.6MB

    • MD5

      0e041344aaeb096952b7e4b0a2e721fc

    • SHA1

      c76dfcd4e31206d1c8e3ad3c669dfe994f1d0cad

    • SHA256

      bf967ed0d22d5cc4d371eb8fcfa8fb305f5cac7147910b13e97a661419200c47

    • SHA512

      7cce3dc5b14bc0a1c4f121caf212515c678c97642eab744ef74241839a67014f06688f811b0428e4b3dcbbac392c45619062c01d07ae4ab1040888d31def9214

    • SSDEEP

      49152:L+BayMAxd0Gcm1g4JglIKHgP89nixtKmSe:LksAxd0GcwgpgE9nKSe

    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • Bitrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks