Extracted

• • Target

    putty.exe

  • Size

    157KB

  • MD5

    fb9a5aa7537e9a41eaaa1b5714330895

  • SHA1

    4ebf8ece21579fadd34288adf5a2b2140fd3ee8f

  • SHA256

    bdcf3c8b8f3f71c76e5a192bd9dbce2061379edb57eba0d41fdc69f9172a9d6b

  • SHA512

    2e8afe44d91d2f8de6da8220a34d9e1bbfe2a1fbd9b0ebbd04bc03f43dc1b133edff74bad9e5adcbe26bc7343505e9f39fd6555ede54409a66e7561fbf596da0

  • SSDEEP

    3072:WTTtS/P8TSeZNgDTakOihnjbiTRjEXQAuis1Jy///f/MD:EtTBZAjOGGRviec3fE

  Score

  10^/10

  bitratpersistencetrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2