Extracted

• • Target

    JaffaCakes118_e8b088e5944106e2ea4faf15fe283be5

  • Size

    3.7MB

  • MD5

    e8b088e5944106e2ea4faf15fe283be5

  • SHA1

    f2a69aca792d12cb5181b7e79011d160631c96c9

  • SHA256

    4006ccc6035e25005fcd9568eaa3e4aa4559cea66afe969ef74143d0b8caac60

  • SHA512

    b626548865f7c98ef44191ce4555c263ab45c5d4a84fc80779bb3795cb1ccc6dbf2ae987a1dbccfd62a603d2016685b13176d4f99cc91a179009232dd1c8765a

  • SSDEEP

    24576:IryW3GF/TM9IG9L9ZlR7FJfSvrl+sUic7Za0aFg4bkcOFIk86q5hpmqP147IR/vM:C

  Score

  10^/10

  executionbitratdiscoverytrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Bitrat family

    bitrat

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2