Extracted

• • Target

    e13857401eb5c43d18a498712188ed15

  • Size

    4.1MB

  • MD5

    e13857401eb5c43d18a498712188ed15

  • SHA1

    36c7e59d35b366e2b50f90dcfa7725ac69004ca4

  • SHA256

    a1709149461b53bc54bcda054a1948e62a92b7fe08f56518d224f531cc400130

  • SHA512

    05f49545ae3df23de965eaa356d546631f4e25ca8fcf207c6afc2a28e2d3406276ffe1cdb14ecdbb0043246545771095f5f45395ec50ae03caf429882ab7192d

  • SSDEEP

    98304:EGPZgrQmhBXdbkuMl1IVhAKWmfP1QWGx5oPj83L2jNrGn:TPZgrQmhBXhMsVAmfP1zGx5oPj8368

  Score

  10^/10

  bitratevasiontrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2