Extracted

Extracted

• • Target

    New Text Document.bin

  • Size

    4KB

  • MD5

    a239a27c2169af388d4f5be6b52f272c

  • SHA1

    0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c

  • SHA256

    98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc

  • SHA512

    f30e1ff506cc4d729f7e24aa46e832938a5e21497f1f82f1b300d47f45dae7f1caef032237ef1f5ae9001195c43c0103e3ab787f9196c8397846c1dea8f351da

  • SSDEEP

    48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt

  Score

  10^/10

  dcratformbooknetwirequasarsectopratxwormzgratt2tibotnetevasioninfostealerratspywarestealerthemidatrojan

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat

  • Detect Xworm Payload

  • Detect ZGRat V1

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • DCRat payload

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat

  • Formbook payload

    rat

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    evasion

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1