Extracted

• • Target

    d825fa02ed9b209b329dfd2eb8bfc29a

  • Size

    3.5MB

  • MD5

    d825fa02ed9b209b329dfd2eb8bfc29a

  • SHA1

    a504da00ac20b1b5c7e8a375e18ebd210fb3d3f5

  • SHA256

    2b590ae0dbb1cfe013c780beaad0401d7fc483c9d5f453cf23b79faa7adfd67f

  • SHA512

    9008ee92c62d2c81efc89bfca9c606083dd39aedc9057062c194d9a5f0aa566010f5fa8c369fb4e4f69275466acbc571159933efd45f89d52bc58182ece94fbc

  • SSDEEP

    49152:vLVwb6UKSZrEW33E+pNfwJEqNsAjYQcXaD+2GVxo85odrpxeyprdY8Q1ZLKx:vLxQF6TjhGVaTBmh

  Score

  10^/10

  bitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • BitRAT payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2