Extracted

• • Target

    c222b81571013219fd99f7ca5fefa350d6aabd28b03bbc819048a67570db274e_JC.bat

  • Size

    2.6MB

  • MD5

    12d05ccce56b71317838c1f70c434fdd

  • SHA1

    db2b6548661dc0ad3c19439989e1c36bf62a9ca7

  • SHA256

    c222b81571013219fd99f7ca5fefa350d6aabd28b03bbc819048a67570db274e

  • SHA512

    79c4c072efba2838d053dd3912484e4138371eac29bd556e344c62abc1b49313bf562fcc6c613c7756c6d24ecc4203336da5aacaf9d4602eb8c5d6caa45053b2

  • SSDEEP

    24576:MFz0PTLOQXlNvJ9ZosU5cqcczDvwcbpSWwHt6H5P+gRnBrqYxvcpXKX6saNpWJcU:bNWTfSWwU8i8esRx7rXDdOuGC+ewAtg

  Score

  10^/10

  bitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2