Extracted

• • Target

    Glycan.exe

  • Size

    588KB

  • MD5

    fe681fa0b257e52fe02b46a7586aa8a4

  • SHA1

    0850bf52d26c57711a3156aa4157eee57cbcb3b2

  • SHA256

    27814b2c2db98facd2b30c90414d7fc0deb59ea01b7b63a5c7e7da015da98273

  • SHA512

    d1e9dfb6f6effeda348c1d2236d7d13041e54162c73e6bb3a335df5d0d0aacacba718e6954755f6b42f892328d842de88143aef3203c887f5e5732f6a3f039f7

  • SSDEEP

    12288:OQZmZPOsxmuCO6nZ63sw5lp4m7NM4fGxt5Ug90GxgIp:6ROsPCO6ZAlSGGx/nx3

  Score

  10^/10

  bitratxenarmorcollectionpasswordpersistencerecoveryspywarestealertrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks QEMU agent file

    Checks presence of QEMU agent, possibly to detect virtualization.

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2