Extracted

• • Target

    2dbe8acd23d12f9f1fbeeaeead8c667a_JaffaCakes118

  • Size

    4.2MB

  • MD5

    2dbe8acd23d12f9f1fbeeaeead8c667a

  • SHA1

    8f0fce3f465aa5e3699599cbfb3ff94f49ce181e

  • SHA256

    7277f1d3ddf844d18b2b0f95b620c8617736ad6703234fee2cb46299590180fe

  • SHA512

    07f92bea16c99eaf1887856a679f8f3b6a3d8aab081532396d89c51023513418f4d102959b0ff6676cbbb11ec4819315092c36d06f3939df34c1fae44bc0802d

  • SSDEEP

    98304:XcrwuJxGYegQbB5DAowDOA3wRbVZ3oG3zmQH0QRK5fl0Ax:jAEYiyvwRbVSGDmESdb

  Score

  10^/10

  bitrattrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2