Extracted

• • Target

    1540c36f7454d7fc450d9ba1df2d0b27

  • Size

    4.0MB

  • MD5

    1540c36f7454d7fc450d9ba1df2d0b27

  • SHA1

    e67371197f6a0b3731f787d11db284f3d684997b

  • SHA256

    752de4a31961533190547dd1fe03bc8c0c0178c3a8512582ae56266e27e32c17

  • SHA512

    dde9a094e7e8089a2342c63a33a9e8c8cb46d4c341e7f8ff84489757928306d39172cf89e69ec56f3568cf5f8aa3ce7cadebb65d3058b14916e6444a92525162

  • SSDEEP

    98304:OwyTkXTVa2bSFV5zNUFzbXottPXD5BYaHiuhg:OVkXTVaummbXott/9CM

  Score

  10^/10

  bitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2