Extracted

• • Target

    27ac1707d1e02b6bc93f15d3a75a517a

  • Size

    2.7MB

  • MD5

    27ac1707d1e02b6bc93f15d3a75a517a

  • SHA1

    bd557284c496b1bd0db397f3c310d91ae59a5613

  • SHA256

    7e3cb1628dc1f632d96f0fd8afa97083780a11f70bb40736ca26e52adb0fb5bc

  • SHA512

    b8fefa0d31d53d1315400fac621f969ae7b8b16a8887167e8608b7869079b216306f87058b5ad19cad5fc23280ecf55db3c1baf5852361b2dacdc1d37986a92b

  • SSDEEP

    49152:l/btv/LEO/MIWLdRwjYIaPW+4rpU5RSWNehLzHTiT2kUQACbhfuQhWp7fN3RN:tyOEI2Rwjex4rpyc9zzm2kUQFfu17fzN

  Score

  10^/10

  bitratpersistencetrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2