General
Target: 1b3ba70615d988ba8f8ef1bde16efaf54f7e0d1eac5cc6ab55b6ede4afeee0f6
Size: 40KB
Sample: 221002-s4qs8sedel
MD5: 5913e2dc1c1d0cdb54302a5c24433db6
SHA1: 7cc331aa406baf20a74b4d932182368b1565fd65
SHA256: 1b3ba70615d988ba8f8ef1bde16efaf54f7e0d1eac5cc6ab55b6ede4afeee0f6
SHA512: 0680c556c53057858aeef16f81709fa730dbda527f9c4ad78d02a1c8554c78d4e97e63d1b4d9ad81820b34b02e197a5afa103179125e4c79300295b1ac87d717
SSDEEP: 768:JhMKYD2IxcWxq2BR1jQWCGixWbPrKpZeCBOTrpjkwuUPCHNZBd2ct:rMBDtu6T/0WCMWpBOp1uqEb7
Behavioral task: behavioral1
Sample: 1b3ba70615d988ba8f8ef1bde16efaf54f7e0d1eac5cc6ab55b6ede4afeee0f6.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: 1b3ba70615d988ba8f8ef1bde16efaf54f7e0d1eac5cc6ab55b6ede4afeee0f6
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Executes dropped EXE
Modifies Installed Components in the registry (the Active Setup\Installed Components key, a known persistence location)
Checks computer location settings: looks up the country code configured in the registry (HKCU\Control Panel\International\Geo), likely a geofence check. A sample that geofences may stay inert in a sandbox whose locale is on its exclusion list, so an uneventful run does not prove the payload is harmless.
Loads dropped DLL
Adds Run key to start application (persistence via the CurrentVersion\Run registry key)
Suspicious use of SetThreadContext (the API that redirects a thread's execution; when it follows a suspended CreateProcess and WriteProcessMemory it is the classic process-hollowing sequence)
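How the behavioural signatures above are derived from observed API calls, as an added worked example (not part of the sandbox report and not the sandbox's own signature code): the Python below maps a constructed API-call trace onto the Run-key persistence, Geo registry lookup and SetThreadContext signatures, and adds a stricter check for the full suspended-process injection sequence (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread) that a bare SetThreadContext hit usually belongs to. The trace format (`pid|api|arg|arg...`), every trace line, and all pids, handles and file paths in it are constructed for illustration; only the registry key names and the CREATE_SUSPENDED flag value are real Windows constants.

```python
"""Map sandbox-style API observations onto behavioural signatures.

Added example. The trace format and the sample trace are constructed;
they are not output of the sandbox run described on this page.
"""
import re
from dataclasses import dataclass, field

# Real Windows constants; everything else in this file is illustrative.
CREATE_SUSPENDED = 0x00000004
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$", re.IGNORECASE)
GEO_KEY = r"\control panel\international\geo"


@dataclass
class Call:
    pid: int
    api: str
    args: list = field(default_factory=list)


def parse_trace(text: str) -> list:
    """Parse the constructed 'pid|api|arg|arg...' format, one call per line."""
    calls = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pid, api, *args = line.split("|")
        calls.append(Call(int(pid), api, args))
    return calls


def adds_run_key(calls: list) -> list:
    """RegSetValueEx on ...\\CurrentVersion\\Run or RunOnce: autostart persistence."""
    return [c for c in calls
            if c.api.startswith("RegSetValueEx") and c.args
            and RUN_KEY_RE.search(c.args[0])]


def checks_geo(calls: list) -> list:
    """RegQueryValueEx under HKCU\\Control Panel\\International\\Geo: country lookup."""
    return [c for c in calls
            if c.api.startswith("RegQueryValueEx") and c.args
            and GEO_KEY in c.args[0].lower()]


def uses_set_thread_context(calls: list) -> list:
    """The bare signature: any SetThreadContext call at all."""
    return [c for c in calls if c.api == "SetThreadContext"]


def hollowing_sequence(calls: list) -> list:
    """Stricter check: per caller pid, CreateProcess(CREATE_SUSPENDED) followed by
    WriteProcessMemory, SetThreadContext and ResumeThread in that order.
    Returns the pids for which the full sequence was seen."""
    order = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")
    stage = {}          # pid -> index of the next API expected
    hits = []
    for c in calls:
        s = stage.get(c.pid, 0)
        if s == 0 and c.api.startswith("CreateProcess"):
            flags = int(c.args[1], 16) if len(c.args) > 1 else 0
            if flags & CREATE_SUSPENDED:
                stage[c.pid] = 1
        elif s >= 1 and c.api == order[s]:
            stage[c.pid] = s + 1
            if stage[c.pid] == len(order):
                hits.append(c.pid)
                stage[c.pid] = 0
    return hits


def evaluate(text: str) -> dict:
    """Return signature name -> triggered, using the names from the report above."""
    calls = parse_trace(text)
    return {
        "Adds Run key to start application": bool(adds_run_key(calls)),
        "Checks computer location settings": bool(checks_geo(calls)),
        "Suspicious use of SetThreadContext": bool(uses_set_thread_context(calls)),
        "Process hollowing sequence (stricter, added here)": bool(hollowing_sequence(calls)),
    }


# Constructed trace: pids, handles and paths are placeholders, not observed values.
SAMPLE_TRACE = r"""
# pid|api|args...
1200|RegQueryValueExW|HKCU\Control Panel\International\Geo|Nation
1200|RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HKCU|C:\Users\user\AppData\Roaming\dropped.exe
1200|CreateProcessW|C:\Users\user\AppData\Roaming\dropped.exe|0x00000004
1200|WriteProcessMemory|1300|0x00400000
1200|SetThreadContext|0x1f4
1200|ResumeThread|0x1f4
"""

if __name__ == "__main__":
    for name, hit in evaluate(SAMPLE_TRACE).items():
        print(f"{'HIT ' if hit else '    '} {name}")
```

The stricter hollowing check is the caveat a practitioner wants next to the bare SetThreadContext signature: debuggers and some legitimate runtimes call SetThreadContext too, but the ordered sequence from a suspended CreateProcess through ResumeThread in the same caller is far more specific.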