General

  • Target

    PI ORDER 1177 07112022.exe

  • Size

    514KB

  • Sample

    221115-nq66vadf96

  • MD5

    ed5c4f8e9a4be06daffa11b0cec54f1f

  • SHA1

    bc50afc751b3e0aafcaccdbb0a346499966bbf5a

  • SHA256

    46507c91579943533bd4541843b71e345ba2712a78d5496b2e4c4fcb8eab3fea

  • SHA512

    ffb2cc68d8ad8aff3c46994a5b088cd36ba911fe17b436b3034c1cc000ba519c1f630553feeae6266d8b4617a1b7f1650ac3b5dd482c0922e844c510ef29188a

  • SSDEEP

    12288:25FAdiPfBpKS78Ry0QnTNn4eXgyJJBaBAmBdl:YPP7p7w+g65Idl

Malware Config

Extracted

  • Family

    bitrat

  • Version

    1.38

  • C2

    91.193.75.209:1122

Attributes

  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • install_dir

    temp

  • install_file

    bitrat virus

  • tor_process

    tor

Targets

    • Target

      PI ORDER 1177 07112022.exe

    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
