General

  • Target

    f16151d0d1ea959552d2fe8a724b0dc5_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240415-svh22ahg56

  • MD5

    f16151d0d1ea959552d2fe8a724b0dc5

  • SHA1

    d71382495ec36153ce86cb0e94755d283fbe53e6

  • SHA256

    6248ca77e095fba357308535038777b0e555c085dfa828a6f16faac4d818a7a3

  • SHA512

    3f9b550ed515a5e0f3f99f2235bef39d1a8332496b1e37cdf107c1ab4d54875c8a6142d3a5c277c504328b04821cd8d46608e0c2c977a4c256e1530f20096e57

  • SSDEEP

    98304:viS/sRZddY2EGcHg/InwJtNELakTwPAALRuPa6o0h7:vxkZdCvGwbaYTas5o09

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

elevenpaths.cc:420

Attributes
  • communication_password

    e48e13207341b6bffb7fb1622282247b

  • tor_process

    tor

Targets

    • Target

      f16151d0d1ea959552d2fe8a724b0dc5_JaffaCakes118

    • Size

      5.0MB

    • MD5

      f16151d0d1ea959552d2fe8a724b0dc5

    • SHA1

      d71382495ec36153ce86cb0e94755d283fbe53e6

    • SHA256

      6248ca77e095fba357308535038777b0e555c085dfa828a6f16faac4d818a7a3

    • SHA512

      3f9b550ed515a5e0f3f99f2235bef39d1a8332496b1e37cdf107c1ab4d54875c8a6142d3a5c277c504328b04821cd8d46608e0c2c977a4c256e1530f20096e57

    • SSDEEP

      98304:viS/sRZddY2EGcHg/InwJtNELakTwPAALRuPa6o0h7:vxkZdCvGwbaYTas5o09

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks