Extracted

• • Target

    86c57967785fe8dbcdf209fb564f9a85.exe

  • Size

    24KB

  • MD5

    86c57967785fe8dbcdf209fb564f9a85

  • SHA1

    c388ca38a675e0709f3d62ae985d6b74f195123f

  • SHA256

    bf7628695c2df7a3020034a065397592a1f8850e59f9a448b555bc1c8c639539

  • SHA512

    dc6d5f80f0d5213aabb010ce8956fe846fa823ed6531b3bfaa1dbfde825361f823800deb43c0152b1a965917d2976b76e3f711f5183fb18d61ae33ed79170a87

  • SSDEEP

    384:V2PLnw7jjye7nw60fIGC4600dc+kMEe5QRBCslwSbmy/uLPxBnptYcFmVc03K:8wueTwpMdnWHbbmv7ptYcFmVc6K

  Score

  10^/10

  bitratpersistencetrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2