Extracted

• • Target

    ae9b16fda7b0d234f07ea19a862022c3

  • Size

    2.1MB

  • MD5

    ae9b16fda7b0d234f07ea19a862022c3

  • SHA1

    35abcfeb0069c3395390d8f9f53b6b8f49072c41

  • SHA256

    ab0d28278d7a788c246ed62eb6cd7b4041ede9744392679d268c97f8376b71e9

  • SHA512

    a910a953deba2c690cd59808cbbc7cfe5a93da06eb391f2e5772306151cc03528fa962a1e064f5802898face88ae61621d04622336cb9e55ef94d53aa85066b3

  • SSDEEP

    49152:Eps74wCd7E9Y4lVHBGho//GPmziEX9ZA9:hEwCdgHBr3GPmziEts

  Score

  10^/10

  bitratpersistencetrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2