Extracted

• • Target

    HardCut Limiter Petrol EnginesV1.7_Pop&Bang.exe

  • Size

    3.0MB

  • MD5

    0e460c38a2cb05f01053a570686d6c56

  • SHA1

    b03c044dc6d123c97121ce0b2730b6de3abf4d21

  • SHA256

    09a70564723d4a33bb06b1ad49c656f3b4ff32bc50af5fdd08bf3f1f70735bdb

  • SHA512

    9bff52b49441e26ef026f3e4989ed70aa05de25160ceb8ea1f3ab0601387b78d5d60604cc8ec8a916c9d022509fbc299816c7b7b3394bbc4fc800514a4d26904

  • SSDEEP

    49152:NQnXDFBU2iIBb0xY/6sUYY8e7o0goV6P:yzXbFZCBvr79goV

  Score

  10^/10

  bitratpersistencetrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2