Extracted

• • Target

    SecuriteInfo.com.Win32.RATX-gen.16516.30497.exe

  • Size

    7.6MB

  • MD5

    9f42c993b0f9560fce2ac89d5b823b3b

  • SHA1

    7c3ae9d0a92335ec5076490af4544a071d69c6d4

  • SHA256

    3e6692760e61b3e71675a24f7b5b50cde09cabf750ede2a9a365c8e482c61943

  • SHA512

    867eaa8455f4314e355241374b0eb80bcc7d6f932330e82c0a18a8e79caba014f35621c2bc0e345d294eb95bcecfcfed7652b058c88ae52ebfa82436cc59d379

  • SSDEEP

    196608:Qv9coCuwOc11PU2hGdwV52HSabjklOaxb/1sjK:ObC/O2QejwSZ9/1EK

  Score

  10^/10

  bitratxenarmorcollectionpasswordrecoveryspywarestealertrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses Microsoft Outlook accounts

    collection

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2