Extracted

• • Target

    21b9d51376efde8b0b9253c0b32e8bf5

  • Size

    36KB

  • MD5

    21b9d51376efde8b0b9253c0b32e8bf5

  • SHA1

    c7bbca83797e5a71e071b2f1d3eda5147e99ffa2

  • SHA256

    a5463d144af0f2c9e1725f7a6c520977986bad3c3e3c3feb344b08b98c795c73

  • SHA512

    ea10342a206bb1cf8ef606e61a2b3b70404c78ce3beb272957e8d0c0bf762140799c4d79aca0255120703d8e47b6e90338d97f7a80c2c220127ff494074751b9

  Score

  10^/10

  bitratpersistencesuricatatrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    suricata

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2