Extracted

• • Target

    Ktxjyphnzqtbbb.exe

  • Size

    1.4MB

  • MD5

    d29a1333bcf7ee54fd018eade4ea9b6e

  • SHA1

    e730de71c59328b75efb6e84e849d510d36de2bb

  • SHA256

    a9da7b242be8ba00f35c48183b953f5e792c948a57ed1043f6759a5b61f19d70

  • SHA512

    96eafcca77bf525e481875dbbbe417ac88c14c8f06cb91306a4e83f45621c2ffd7c3f4ecd257b94a6211c54f35b8973508e5cd9ef9fbed31d2dcef037ea58423

  • SSDEEP

    24576:xBZ4bu718KC7zwTt1XPb5BEVpFEJNhMhtrjxLF7Z//ronB:x8MOCx2hE7h+1lLFxMnB

  Score

  10^/10

  modiloadertrojanbitratpersistenceupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • ModiLoader Second Stage

  • Blocklisted process makes network request

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2