Extracted

• • Target

    Document.exe

  • Size

    791KB

  • MD5

    7c0e98c4953d703942e3cad7d5853044

  • SHA1

    a766257674c5785ebc8b86190b32c237e0591ddb

  • SHA256

    96ad1fca026bd32391b2788796429e7299637b7a192ea5b5af31052a374ba396

  • SHA512

    6dd746ee49e496098624c64c9e2e80893ef9bc4bf313a80dbb4e1d94543e9d38200786ce348732422a5aa127f7e182aa5782b541ed0b00b22098658a533dec66

  Score

  10^/10

  bitratmodiloaderpersistencetrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2