Extracted

• • Target

    CJYUAEBL.EXE

  • Size

    1010KB

  • MD5

    2ae6e69113d98e4f3bb815c21f626496

  • SHA1

    78920f0064d350e24812fda6c5658ac6177b5cf5

  • SHA256

    0305b3a95aff122c888a200de747a565208ea19494c8257b0c972084141f42c4

  • SHA512

    c7afbd664a2eebeeac3bdd01a359ea74da953552cad187682d431f0af754725a08f1135457618618a51bf1e3893a6c3a0c05e68172ee9eefcb020187ab8dfd0e

  • SSDEEP

    24576:owfXt2qCbasU3cyK9pNhMhtrjxLF7ZQ/ronBb5:oEcO+9bh+1lLFaMnBb

  Score

  10^/10

  modiloadertrojanbitratpersistenceupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • ModiLoader Second Stage

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2