Extracted

• • Target

    b087a691094f9fdd25b7b1828ff7d9fb

  • Size

    4.6MB

  • MD5

    b087a691094f9fdd25b7b1828ff7d9fb

  • SHA1

    78882a7d0aef6b8b1a190fa50ea82373bf4d3b88

  • SHA256

    954eeaefa91f80e80df9cc550c0cc16f52ad063f8ca3494c40ebc5c51ebc635b

  • SHA512

    4f4e1e6da8b96b1984ba4f5a378b442c5671940af3c0fbd2102b6ba4ef15259d88f23e2df38770e91f2389dd439c507561dec820ad471b14148a28fc747b3a83

  • SSDEEP

    98304:RM3sD4Wo+QeyE5fjBdsc+zm4o6kz5KRVBQAWBxfGU:RM3sD4WSDe8rPkz5KFRu

  Score

  10^/10

  bitratevasiontrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2