Extracted

• • Target

    ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce

  • Size

    5.4MB

  • MD5

    298a8a69908571fb0aa37db11f042180

  • SHA1

    e127b71a42428afccb723ef357492df9b20dfe28

  • SHA256

    ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce

  • SHA512

    1188c79240ddb3720fa3db360f4425fb351d7caa2e721c3e3e5dfc18bad75f8c1f47c94a87eada54f95217729829a18f320e41bd700ea84b19d7a29f013b67b2

  Score

  10^/10

  recordbreakerevasionstealerthemidatrojan

  • Raccoon ver2

    Raccoon ver2.

  • RecordBreaker

    RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

    stealerrecordbreaker

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2