Extracted

• • Target

    36ad3cbe63b2b704928c330a10f014cb_JaffaCakes118

  • Size

    3.9MB

  • MD5

    36ad3cbe63b2b704928c330a10f014cb

  • SHA1

    f7b0b72f00fa2e8274505654e01520f5a27828c7

  • SHA256

    f5eda9a11a961ca4187041b721c9d094e85c3f59302ef9ec36969bdf25d33836

  • SHA512

    f7f2ccdae876019c297c164d0e0b8e0ac604cea620abfce5de64a3486dd5efd057b5d51a8a7f28fbb5e19064d48f7b015683dc24fda08bf12bd3d99b52f12fe5

  • SSDEEP

    98304:5t2kdAOLTRFdBCVAG9ywFtpkqrqyVxIJMG:5tg0NvBCVLo6t+qrq8xIJB

  Score

  10^/10

  bitratpersistencetrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Core1 .NET packer

    Detects packer/loader used by .NET malware.

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2