Extracted

• • Target

    dfce4c5c593fa3214aa5f4e3035db47e_JaffaCakes118

  • Size

    3.0MB

  • MD5

    dfce4c5c593fa3214aa5f4e3035db47e

  • SHA1

    9d2eda532cd0593d0d576d716f374d7aa2984c79

  • SHA256

    429a73f74045a5a0a48f5f17b1172ee5417073af343b4522097ebc94debe2cc9

  • SHA512

    7b4d7ff7b881702f4325269f2e8662a9048a44ac9b13996b7c3e88143198231aaa4d8f52ead148cbccb3f17a6188b1c6826691abc0e71331abda264e02a84e1b

  • SSDEEP

    49152:TEBuM9t97iv8lUNqJpjYzVYvClJByC0v3UmDASq4bCxco5mzK:

  Score

  10^/10

  bitratdiscoverytrojan

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Bitrat family

    bitrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2