Extracted

• • Target

    68da50b47b7350bb7b4a36a4e11fcff4

  • Size

    4.4MB

  • MD5

    68da50b47b7350bb7b4a36a4e11fcff4

  • SHA1

    2e9ce8293812f916a1b457bfd8d0ef4cb82ca24e

  • SHA256

    2a2b320e2b0c6eb5cee277f322938feb883dc9af94c3db75afb9905cbf1c473d

  • SHA512

    9b63ea8764b82776a408075290ceefb3666e3c69bddb9a487f43327e2b22cccc3b7d75bcffbd53f3c3967f4197ad0d1b233f3ed5db6125bd8b440cd0eabc30c8

  • SSDEEP

    98304:vcZtS2zFA6p8m4aB7Dcy5Yf0OCnLvx803lL0OHOfH5RQKQIiYfbHgdJUDD:eS2zFAdK0FcnvW03yOHOfH5RQKQIiYf/

  Score

  10^/10

  bitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2