Extracted

• • Target

    11fa27c4961acea6b79c28ccdc896bb94276ba6e3edf2e1d33539952abb1c25e.exe

  • Size

    3.8MB

  • MD5

    86000b0a976dc4a377b2e5192fe30445

  • SHA1

    ad29b138883d7906f8d6e75f2e5f60e5285d4a56

  • SHA256

    11fa27c4961acea6b79c28ccdc896bb94276ba6e3edf2e1d33539952abb1c25e

  • SHA512

    4d0be7661db756cee78c7fbbb91705574b5bb82552230277d59b14a2225f84209597473c165243594ef7d335b3f48475d92b48af21092d04320e91ac452e9c19

  • SSDEEP

    98304:nUyJF2oYGCLxnJ7rzdIzYsuvqqW07LslsPTU:nUbn5zSzYhqqW0ns8U

  Score

  10^/10

  bitrattrojanxenarmorcollectionpasswordrecoveryspywarestealerupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses Microsoft Outlook accounts

    collection

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2