Extracted

• • Target

    8924a53be46439d1c258a10b59596b77

  • Size

    3.0MB

  • MD5

    8924a53be46439d1c258a10b59596b77

  • SHA1

    6cf13347e475772a66e67f5f529a908956dfd00d

  • SHA256

    08b44be5d6721d2b20fa1de5fa8d1f80d84d9d424f6fefc06b01a9a81670aec8

  • SHA512

    b322d44280e7eff437d0c429f6cfd7af7cf05ea0a8598a9dd42a89b1b6712a1c5f80f1a676d7e1eaf71188f82b68e5c32078e3b376efea97c81df2d594b8eeab

  • SSDEEP

    49152:YJXZRkXRxWCBu72E76E5jXVL5w9lmVOALga7n0Yy:Ky

  Score

  10^/10

  bitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Nirsoft

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2