Extracted

• • Target

    tst.exe

  • Size

    1.4MB

  • MD5

    3412592c23a9bc93a234c5e25130a71a

  • SHA1

    cad0b43ff636a6d6dbbfbd38e134aa0acda7b052

  • SHA256

    017ab0c10991b0d3faa2b6fdc43487632418c4f5a337e94f8490233d254ba566

  • SHA512

    2076c9ebf616986a5e7a309bc105639abaf1ece7fcc69585457026371353aca82377f70f2903340ed28f40b69f9314c925f2319431d05b0ea527ab4ce0bd75a3

  • SSDEEP

    24576:2ndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkz6Nf6F6j4:gXDFBU2iIBb0xY/6sUYYf56Fu4

  Score

  10^/10

  bitratpersistencetrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2

• • Target

    out.upx

  • Size

    3.8MB

  • MD5

    4dabc39b211315fe0c40dadb42548d7b

  • SHA1

    43bcb1fa069af7eef462ee94b64365490cb82851

  • SHA256

    92cff45687e5ede616b97ad98db15db5a6a94eb3e2b4c0ce7b18d1d4da8f612f

  • SHA512

    0e16364bba70ea7283b511f76e4f30dd7ecdaab490843832c04f1ba3cf90bd9993283557f088df4707b2248e99bba10442162b368c1043695bf87a646a2fbab4

  • SSDEEP

    98304:m77Pmq33rE/JDLPWZADUGer7B6iY74M/QmlwXVZ:Y+R/eZADUXR

  Score

  3^/10
  behavioral3behavioral4