Extracted

• • Target

    da8f7c39a3136c6546c6f2e36872be49ddd7a8dd53002e12d04739680e4821b8

  • Size

    64KB

  • MD5

    3f6cd0ff8f90ba35fe22b94e55655c96

  • SHA1

    eabdde0d8d5ff3dee1690e322184d7ec2f3f5d10

  • SHA256

    da8f7c39a3136c6546c6f2e36872be49ddd7a8dd53002e12d04739680e4821b8

  • SHA512

    8d51772b8ffce6b9aef3f1068f067811ae65ce00aca058bbef1e1a847efdb90552fc9c9bd31de0b23da03982e4eb13689caee5fb08ecdff02e3b306ca539322a

  • SSDEEP

    1536:gwdyfgYBUngABZvxZ/DOG8s8MkeNSzXzKN:gwdyRapBZP/Dl8DMDSzX+N

  Score

  10^/10

  bitratxenarmorcollectionpasswordpersistencerecoveryspywarestealertrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1