Extracted

• • Target

    Receipt.exe

  • Size

    300.0MB

  • MD5

    9b5cedfdbe69f0ae2d9fd76a8ca7c395

  • SHA1

    bbf67b37e6a227a0719dafcfb8e28daeafedd189

  • SHA256

    7d1110907532d120ac7cf5e077b7b68298708630f079997b2f2758efaaf4d22b

  • SHA512

    9a02e1c81836bafe82e31d24259eba132929b99c5fb74025bc64820995eb6f3d25e548e6fd318b1be3b555b9e8b6a139a543037d07f6914749fe496c1dfac3d6

  • SSDEEP

    49152:hBkHVm1sE2BbkkwaFXw7Nt25SVEK6/1S2Uwc:/YVmC7GRaFXw7Nt25ep01S2Uwc

  Score

  10^/10

  bitrattrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2