Extracted

• • Target

    3c0ad287b00862a3ac6e1c7e097a858a

  • Size

    2.3MB

  • MD5

    3c0ad287b00862a3ac6e1c7e097a858a

  • SHA1

    30bfa8d52be643cd15be4931da2396c249338963

  • SHA256

    0dc0be119499ac64c45990a7bac7b923d79528e0bbc4e3b70a892ee993a92d12

  • SHA512

    c6c31d4a01428534e18f62845a29d72006f0141d9a8ebfa2b38322cd7bc029ef219cf05aa38ff641824244e2b1a3daf10564df2e52c9a6283f0f080046a4762c

  • SSDEEP

    49152:mkK64JEeME84Oy9lykjsEuy9WvAoM3umFOBLCGhakrlc9:oiuRgEpWvEuTLCGh3ru9

  Score

  10^/10

  bitratpersistencetrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • CustAttr .NET packer

    Detects CustAttr .NET packer in memory.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2