Extracted

• • Target

    e9348cb01ad037af1b8043989cd525e47e5c271ff49aece168432eadfb69beda

  • Size

    316KB

  • MD5

    6388b0c729f20b3dbd680945479d2f80

  • SHA1

    7b3d01217936f8028c7ba917cb73e15b6c51a823

  • SHA256

    e9348cb01ad037af1b8043989cd525e47e5c271ff49aece168432eadfb69beda

  • SHA512

    1c8389364c37535521700fc45d61025a4578d295b39ab5028690a2807fb22072c03ad3ac4bfb58646290a71156e71f4457a197d52d7404e6131aa81c4e9134c0

  • SSDEEP

    1536:2ntvJyGe1KmWCra7PRfV2GeJJL0Mk0PCZSAEDzzKb+4:skGe1jGPRyJ4saWD3c

  Score

  10^/10

  xtremeratevasionpersistenceratspywaretrojan

  • Detect XtremeRAT payload

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2