Extracted

• • Target

    zapitvane marko bulgaria eood.doc

  • Size

    3KB

  • MD5

    93671555d60537ba07df133dda8592a2

  • SHA1

    396ab1b853fac12d406bc1687cf18cb0a2cc061e

  • SHA256

    833747fe3feaca3e71a38cc66ee5003a846fc43a61e8a59e093a23c5b260ef90

  • SHA512

    8d03fcc1a697a8150ce7d2325e65a329d8d870a185b66cdb9ae70c84aecd9983913c12b48902d2b3f7553378617dee533363ac759bef1c8c502903f3016d6a6f

  Score

  10^/10

  bitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2