Extracted

• • Target

    Stub.exe

  • Size

    3.8MB

  • MD5

    7fb55e012a36060896cfa1c93c2051b2

  • SHA1

    31106aeed1d00e1331f83ff6a6e8a07a73947d5f

  • SHA256

    73971baad302c2025a9cede6800b2e811600b17ded2f7ef4782a83bfdc687b9b

  • SHA512

    2a3c9f8cf3c38b73c37755edd425bfd5db3dee211737c6930af389a19beeb7cb027fc48227434f21b797c2a11ac0d6742de9a93f354eeaf5c8e753aa4ccf58df

  • SSDEEP

    98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/vmlwXVZ4FB:5+R/eZADUXR

  Score

  10^/10

  bitratxenarmorcollectionpasswordrecoveryspywarestealertrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses Microsoft Outlook accounts

    collection

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2