Extracted

• • Target

    zapitvane marko bulgaria eood.doc

  • Size

    3KB

  • MD5

    a5a6fbe5e7f86784d14ce1f4d7672f6b

  • SHA1

    c8b9fc16cea841705b1b80152cc95f3322799c80

  • SHA256

    7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248

  • SHA512

    322944cc12604db232973329f9ad5e49c034d9ca4e55ffba3ddc8b4d2dc815c2afaeddae740436d07c88f46d9017902c88dac0cdc0610dcbd47cb9d0825218b3

  Score

  10^/10

  bitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2