Extracted

• • Target

    xcfgsfaa.exe

  • Size

    1.5MB

  • MD5

    45fd8c84b44a20b4188de744bdf0a3f8

  • SHA1

    37a13e9a7d5af87b82e55630fe78a8e12059dad5

  • SHA256

    59f62f44fbd11163cb3eeb68f2b4606130dd8a01f569624ee4e4c50691c94391

  • SHA512

    70e3fb0696ad94a98bef78b3fb5d8267596032eb5345b160a0820977e5a8988a382da01ff1b4eb140ac9e319f2dcf0ca7978bbb61b78880c9de5741a49fcddcf

  • SSDEEP

    24576:Q4z87j9s0ML+6lvQ0QGTr8ZtkYa5yVke+MomAstHC7w3H79RBWKP:QvfWbLd7Y75+MomAstHC7wr5W

  Score

  10^/10

  bitrattrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Uses the VBS compiler for execution

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2