Extracted

• • Target

    e6a08acc2c63f7a8925e59a2409d1e28c8d85a430d50a1f1b2220b3b165aa533

  • Size

    70KB

  • MD5

    64e7761a671db8b39ce71b8fe1454540

  • SHA1

    190abb11d110aa42148e85ec699c0bce5865a442

  • SHA256

    e6a08acc2c63f7a8925e59a2409d1e28c8d85a430d50a1f1b2220b3b165aa533

  • SHA512

    4d18d3138b1fa30f8036795e05895a8c46088cf677beb5b9257237b2b9f631290fcbe809efe24481cdd80dc09ab7a55769ba4f72a2e1d72693ca8a2b3634781f

  • SSDEEP

    1536:yH6hAyGAnnYQLpxniw62XS2H+mUJDo/EVzY5pFvZd9YKm4wXl:yaR7LfRS2HBwDpS3b9YKmF

  Score

  10^/10

  xtremeratpersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Modifies Installed Components in the registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2