Extracted

• • Target

    cb1210c9515e3e6bf5716048cb7ba3cf

  • Size

    2.1MB

  • MD5

    cb1210c9515e3e6bf5716048cb7ba3cf

  • SHA1

    9a57f751a71a63ac9b998a6a19b7a38b96349e53

  • SHA256

    42c77364cebcb01102a85a8bb9a053a0e01d633c2e9710256e9d174a9f67effd

  • SHA512

    ee6ca757e4dec2230255c26f66dfb20e225e22581e3c90359f168e976a5e12250ed24dd5305b6c59a673036841cedce682601fef5f4c9304843571c941c96990

  • SSDEEP

    49152:1kIxSRHorTDMyDmFscevbcd/Fkl1DI8wGLSK4Erm8jJE3hGJGYRV6O37PckR1h:1k8SeDMbFs3Ad/FUIyHpcMhn1370kR1

  Score

  10^/10

  bitratpersistencetrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Modifies WinLogon for persistence

    persistence

  • Uses the VBS compiler for execution

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2