Extracted

• • Target

    618b42e14d1b6476e4880d99ca6fa8dd

  • Size

    2.0MB

  • MD5

    618b42e14d1b6476e4880d99ca6fa8dd

  • SHA1

    c939cb3334a913567607b6f85f3b86278b7a9267

  • SHA256

    9c6984f9235508550479de6e3c40425ccfd0513a5f7718da2df0c2f7859fc55f

  • SHA512

    09c73eb8b226cbcea440329bac4b50f1bfee9078ddbd32fce6cad914a849f1d0f97f087d218de43f6e75b50e26bbf5a1625598975deaac290c94e58caccd62ca

  • SSDEEP

    49152:CdWbX42j7fxTxJkiFLIe3xlkG31GyXygHheYNr1IVZQT:CdWbX4srBxJlFEe3x+85HhTNr1IVZQT

  Score

  10^/10

  bitratpersistencetrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2