Extracted

• • Target

    e20a92ba803ccdce1a2508542816f047_JaffaCakes118

  • Size

    6.4MB

  • MD5

    e20a92ba803ccdce1a2508542816f047

  • SHA1

    803131e516784cff0cb6ad6e6b5cb29bc39092b9

  • SHA256

    db7619d7304cbb9c7ad4bf8c74836f241aecac1fda067f3ffadadf7ee6d44930

  • SHA512

    72329831d13bf15f193af74ee558c5c391ff87dfc77132da533e67f8b16f0d43c16f6ecc6a2a24b3aff9d5b1263ecbfffa0057aadbefd1b2c28b8f8193494ccf

  • SSDEEP

    196608:IqWzFJ74xQUlQDIpa86HyHp9tQ0Nirvk2qSxHyzd3kn:IqWzR6aPC9tHi/qS1yyn

  Score

  10^/10

  bitratdiscoverypersistencetrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2