Extracted

• • Target

    14444c9c5db1ea8697998809b388650c_JaffaCakes118

  • Size

    3.3MB

  • MD5

    14444c9c5db1ea8697998809b388650c

  • SHA1

    3e2c4b015ea01f502678cac5d1aeac5044b2dc34

  • SHA256

    b7e5029d6258a083904d38b575acd8eee6d49226a7c12282542cd8462320dea6

  • SHA512

    64c0631b0f8f0e41843befb43cd9e99ab91a6409b71a2864b312a534a65669003e35414231b4b55eb4afad490c9eefd693182088eadb5e45c809efb9da26c744

  • SSDEEP

    98304:eEAu0XsEpAZQKRjXrNELnnU/T24+daUZ8:Eu0cxaKRjbNELOax

  Score

  10^/10

  bitratevasiontrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2