General
-
Target
fa730d83b4be4c873039dc585f958d7c_JaffaCakes118
-
Size
2.7MB
-
Sample
240419-q92ftafa6z
-
MD5
fa730d83b4be4c873039dc585f958d7c
-
SHA1
95f5cef4663ceb749ca98131734bb001d618458f
-
SHA256
293440eae97b7c052aeaffd6855b2eda065b0b8fd452a830a9bf3c6637a20f4a
-
SHA512
2870816e65670af2b1675dc6b3e48ae6e297adc15330c1ce3e0c9ae276136a122a3fe46175c389d93014938a080bb70bc7824f5adc4b831818ee8a707a24589b
-
SSDEEP
49152:DdbNhMYCLtVRgf3FEyzLrU2OzPaWBA22ynoyHORZ/nXX2WAoF:hPuCf1EyHo20PaP2VoyHGZ/XXyU
Malware Config
Extracted
bitrat
1.35
storage.nsupdate.info:8973
-
communication_password
bf771c9d082071fe80b18bb678220682
-
tor_process
tor
Targets
-
-
Target
fa730d83b4be4c873039dc585f958d7c_JaffaCakes118
-
Size
2.7MB
-
MD5
fa730d83b4be4c873039dc585f958d7c
-
SHA1
95f5cef4663ceb749ca98131734bb001d618458f
-
SHA256
293440eae97b7c052aeaffd6855b2eda065b0b8fd452a830a9bf3c6637a20f4a
-
SHA512
2870816e65670af2b1675dc6b3e48ae6e297adc15330c1ce3e0c9ae276136a122a3fe46175c389d93014938a080bb70bc7824f5adc4b831818ee8a707a24589b
-
SSDEEP
49152:DdbNhMYCLtVRgf3FEyzLrU2OzPaWBA22ynoyHORZ/nXX2WAoF:hPuCf1EyHo20PaP2VoyHGZ/XXyU
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-