Extracted

• • Target

    83e96fce5951cae0eb39a4f0761b42af

  • Size

    4.0MB

  • MD5

    83e96fce5951cae0eb39a4f0761b42af

  • SHA1

    7b13df159a1c4a85d711d2935a272c8d21286504

  • SHA256

    7d0c994f961ab330c60b07d71f796b3085d085f81bd382c0bdbee09e2cf7042f

  • SHA512

    25c97ef0272e2ebb9ed505cfc1cb012a7f94467f21830972541e0693c05aef6b6c975ad04afb83c610a972e6b63833eb4319d41b285925ee3e005eeef8b00101

  • SSDEEP

    98304:qznKaSNN5DwMZCEwEQhTYPL6iezQhNQOzhNgqEmYDpPj:qLKagPL/wzhTY8zQh/hNgqfYN

  Score

  10^/10

  bitratpersistencetrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2