General
-
Target
4f382b6cb87c5413002055e474ea300d53c67bffdf63cb322fc1a55cfcf2e0ce
-
Size
347KB
-
Sample
220720-sf73lsghgr
-
MD5
bddda55fb978f891603a996d531f91ae
-
SHA1
926d297215144f42cf6d71b04f01f1682b2571f5
-
SHA256
4f382b6cb87c5413002055e474ea300d53c67bffdf63cb322fc1a55cfcf2e0ce
-
SHA512
5a40b1f769778bd7ac64e38f285770f0e7257b15e2fefe52baa4af5164bd2b325407aece01c47ed7435136b464b6a486399f9f66f4e7bc81e0be360614bdfa38
Static task
static1
Behavioral task
behavioral1
Sample
4f382b6cb87c5413002055e474ea300d53c67bffdf63cb322fc1a55cfcf2e0ce.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
4f382b6cb87c5413002055e474ea300d53c67bffdf63cb322fc1a55cfcf2e0ce.exe
Resource
win10v2004-20220718-en
Malware Config
Extracted
xtremerat
securecenter.sytes.net
Targets
-
-
Target
4f382b6cb87c5413002055e474ea300d53c67bffdf63cb322fc1a55cfcf2e0ce
-
Size
347KB
-
MD5
bddda55fb978f891603a996d531f91ae
-
SHA1
926d297215144f42cf6d71b04f01f1682b2571f5
-
SHA256
4f382b6cb87c5413002055e474ea300d53c67bffdf63cb322fc1a55cfcf2e0ce
-
SHA512
5a40b1f769778bd7ac64e38f285770f0e7257b15e2fefe52baa4af5164bd2b325407aece01c47ed7435136b464b6a486399f9f66f4e7bc81e0be360614bdfa38
Score10/10-
Detect XtremeRAT payload
-
Modifies WinLogon for persistence
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-