Extracted

• • Target

    1bf1d6e8ef16cccf201173d11aafe00e

  • Size

    2.6MB

  • MD5

    1bf1d6e8ef16cccf201173d11aafe00e

  • SHA1

    ff3866b22e80acdf4175a1f496422c4736148bb0

  • SHA256

    f5481cd3d77f9e73b0e1a2425bf32886d2ff78f872a278b3b2dc0b00a35d1e95

  • SHA512

    07455146ba16e66b2b32af996ca51983354dcdcc8a26dd5b33a26f4c4c18a0f660c016e44de129222e912b28fb14ff239b0823eb62f360c80477ce1659788c42

  • SSDEEP

    49152:p+8EoyPJJFc4sIe7yAsxjTNwquM4e04xvbjATC2z+v2:p6PnFc4szuRHYN4J2zt

  Score

  10^/10

  bitratpersistencetrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2