General
-
Target
10a85509c4d5e93a689f543d3f8fd3ee_JaffaCakes118
-
Size
5.3MB
-
Sample
240626-elscfstepd
-
MD5
10a85509c4d5e93a689f543d3f8fd3ee
-
SHA1
65baefe2d021ce87d5a5e585551b128d65f07bb6
-
SHA256
a777e0372a1a9202b89bc4528c03223e064b0e3db71559041fd884a6daed57c3
-
SHA512
93aeaa06574a35b9aaebc40736f577aa296a95a1ead2efa198fe7843e09ae094ba1b2426cf7620e2423614b78836030393bd786b3a3eb3b6c939ea25d374e542
-
SSDEEP
98304:Ut/jaS/6AIPAHtE6gcvpVNPEpSY4wS7HN8NFXeNem3gcCRVI+R3T5OH5YoqHSWp+:OaS4o+dcLNPEpSTzNyXsem3It3Tbc0+
Malware Config
Extracted
bitrat
1.34
185.157.161.104:65312
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
tor
Targets
-
-
Target
Codes.exe
-
Size
6.4MB
-
MD5
e20a92ba803ccdce1a2508542816f047
-
SHA1
803131e516784cff0cb6ad6e6b5cb29bc39092b9
-
SHA256
db7619d7304cbb9c7ad4bf8c74836f241aecac1fda067f3ffadadf7ee6d44930
-
SHA512
72329831d13bf15f193af74ee558c5c391ff87dfc77132da533e67f8b16f0d43c16f6ecc6a2a24b3aff9d5b1263ecbfffa0057aadbefd1b2c28b8f8193494ccf
-
SSDEEP
196608:IqWzFJ74xQUlQDIpa86HyHp9tQ0Nirvk2qSxHyzd3kn:IqWzR6aPC9tHi/qS1yyn
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-