General
Target: 01b90464c4c6df17e6d5f0d468eb05261507204faa2993137e0639cbf2822216
Size: 366KB
Sample: 220523-wx3q1adgfp
MD5: 58ab608bd203846607e6fe52381dad9d
SHA1: e861165ddc44b91b5697dbebdabfea0db3c4aa0e
SHA256: 01b90464c4c6df17e6d5f0d468eb05261507204faa2993137e0639cbf2822216
SHA512: 1f28e5d8c396f60aed3a4c087776db7d6c1d23578c70deb3edd19a044ee498e4fee54d59d6232b0362a5cef9a6209122fb1c5065cc1c80f87cede2e96a28c853

Static task: static1

Behavioral task: behavioral1
Sample: 01b90464c4c6df17e6d5f0d468eb05261507204faa2993137e0639cbf2822216.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 01b90464c4c6df17e6d5f0d468eb05261507204faa2993137e0639cbf2822216.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
-
Detect XtremeRAT Payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext