Extracted

• • Target

    1bbf7521bd43cc4fd418b052fe950ab71b66e7dbef9b0d4816939a5019aecaaa.exe

  • Size

    4.3MB

  • MD5

    0f436d1b40cc8da71989b597951ae61c

  • SHA1

    eb697a163bf73ee475c93e916bfaf90de40dd422

  • SHA256

    1bbf7521bd43cc4fd418b052fe950ab71b66e7dbef9b0d4816939a5019aecaaa

  • SHA512

    489c4b07fbf28921d22adfe6429e56fb70b8503ad9cde21991923bc54ee5ec78675c94185773bbabc166221b731f1e9335f59ce92113769e9d0f4becc800516e

  • SSDEEP

    98304:tmlSoZ5WrocGLpYHgyRWSJfSD8xipKbgo9PIs4qSoNMLmUzv:IlR5jcG+AyRWSJNceeLlT

  Score

  10^/10

  bitrattrojanxenarmorcollectionpasswordrecoveryspywarestealerupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2