Extracted

• • Target

    ach payment 082422.xls

  • Size

    29KB

  • MD5

    70c9d8b73d8b0b704ca4eed431f0b8b9

  • SHA1

    700df606142d4d599078112277f6352134a5376b

  • SHA256

    33a03e5a48aa54e8ade7fa89d977a846b517956ee17a0419c68698742104450b

  • SHA512

    b682cf9edfac472dfec29d8bad297b436321eb16c6dd3bbd3c77d660fabdf5089296657a02e1d74fb960f8784cf87bb1d924778806ae75bf484324dbb719bbed

  • SSDEEP

    768:vgk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJRB5kPok:Yk3hOdsylKlgxopeiBNhZFGzE+cL2kdv

  Score

  10^/10

  bitrattrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2