Extracted

• • Target

    Xonvhsbnf.exe

  • Size

    1.9MB

  • MD5

    c5f48c7e92189a5ea21b1cf896401a29

  • SHA1

    4fb9daab173c56ded13e22efe8ff88552a31246e

  • SHA256

    c56e2e059f83369babdb89df9c54ffea0ce7f0a848575a47c938f97b3d0ff3e8

  • SHA512

    611789ab88904409051577ac64b906d644c706fc4ffe82ee0ba431d2a427118a9565ccba4cc632539d22390aef230c19707f96e86ca95b452059529393f3fd53

  Score

  10^/10

  bitratpersistencetrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Modifies WinLogon for persistence

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2