Extracted

• • Target

    d0f8c7eda9a5e772e3be9c3b67f43e35

  • Size

    4.0MB

  • MD5

    d0f8c7eda9a5e772e3be9c3b67f43e35

  • SHA1

    d73903af0fa940d67c123eb6e6722325e656c9c0

  • SHA256

    29f877de694aa77ca19d69ce15720a139b75f201761df81c70b64354290c87c2

  • SHA512

    d80dcfd2bb53674dca019cba0bed0894030da893d492baa38392ead742adc86e3722a0b0c490352ea263d01d8a8e02a0ed71cda183d3abecdeaca54feb380597

  • SSDEEP

    98304:uVXHrDqvnhfHh5Evm6KdlS522XiFC7o3vUzGJ:WXUhfnmmfz2J7Y

  Score

  10^/10

  bitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Uses the VBS compiler for execution

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2