General
Target: JaffaCakes118_0e041344aaeb096952b7e4b0a2e721fc
Size: 1.6MB
Sample: 250605-d3anasdl9t
MD5: 0e041344aaeb096952b7e4b0a2e721fc
SHA1: c76dfcd4e31206d1c8e3ad3c669dfe994f1d0cad
SHA256: bf967ed0d22d5cc4d371eb8fcfa8fb305f5cac7147910b13e97a661419200c47
SHA512: 7cce3dc5b14bc0a1c4f121caf212515c678c97642eab744ef74241839a67014f06688f811b0428e4b3dcbbac392c45619062c01d07ae4ab1040888d31def9214
SSDEEP: 49152:L+BayMAxd0Gcm1g4JglIKHgP89nixtKmSe:LksAxd0GcwgpgE9nKSe

Static task: static1

Malware Config
Extracted: bitrat 1.38
rogerferer.ddns.net:5000
communication_password: 6acb084470c0a8bdf431d5427d1f29bc
tor_process: tor
Targets
Target: JaffaCakes118_0e041344aaeb096952b7e4b0a2e721fc
- Bitrat family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext