General

  • Target

    b6e04069e4e2f172ce5c14f2177243d9_JaffaCakes118

  • Size

    7.4MB

  • Sample

    240617-fl2fsszanm

  • MD5

    b6e04069e4e2f172ce5c14f2177243d9

  • SHA1

    84ea3e27f1dbfd79f86e1e4b4d1835eaadbad20a

  • SHA256

    610919a36cadf1660895058ba6a5867ccb25ffe53bc1b19c06653c3ec5f218db

  • SHA512

    976cf6f79369a7fe236837d9bacd019390f6e894c81785f3b029f5f3a011d3a0647c19bf5e647b6615e9b54d6336f7fb390e2a74d0542f372fb20ceeaccdc5c2

  • SSDEEP

    98304:eD4bx8VxKzW4Casjl7Fh3YJkDhIWHcTtvdJorssMf/:eoSODJsjhAJkDkxo6/

  • Score

    10/10

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • BitRAT payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
