Extracted

• • Target

    e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587

  • Size

    54KB

  • MD5

    04c4553c0a90ce1678e23e9caeb1e638

  • SHA1

    f5e8af3974ecff65dbd7438c492c26073dbdc33f

  • SHA256

    e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587

  • SHA512

    d1f188b4b1f2e255e2f6de3ca4a76ade1dd32f9126a284acadb65cebec875f98f3755124124b8ea17c50e4137445b04144e51762d408877d6eee48d23d9f5b02

  • SSDEEP

    768:qiIofHSeDVtA/Wy8XIvguzGZkmNi8KicZu4CHzGmSVbRnb1UGme4oUL3zePZo5YC:qSrCJRvghVNDuZ0Gm4V1UGm3oozeR9o

  Score

  10^/10

  xtremeratpersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Modifies Installed Components in the registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2