Extracted

• • Target

    DOCX_HOMETULS CAREN BUSTOS.exe

  • Size

    52KB

  • MD5

    7ae0be2e67353870c5737f1bbfaee601

  • SHA1

    186bc1e15dc79b42df068f6cec4f87ceb9549513

  • SHA256

    2e6cac18fae7c50f42e4fbef46b54437a25d06d5369513106c33f64cd7f4d854

  • SHA512

    e71375baf3fa8e5b26a22a4e8abe566de952b38abd6fb8b35f22e3d9684bb3c9f597cdbe8e4302870c2eba27a0c7f97b5fca4a0ec4030e4616a82d8118858e06

  • SSDEEP

    1536:taVs7TPxdFa75FfC3hT6u7TPxdFa75FfC3hT6B:taVsfxvaXS6ufxvaXS6B

  Score

  10^/10

  bitratpersistencetrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2