Extracted

• • Target

    9af1f73859028d3b83d19b2fa5da6f0a9b5f279dce89187fd2e4a5b5e5a41f6d

  • Size

    399KB

  • MD5

    71af0784211e9904cb45cea2fd09c540

  • SHA1

    1813f9d0d696b1fa60b20d3f039df9d7d813f6cf

  • SHA256

    9af1f73859028d3b83d19b2fa5da6f0a9b5f279dce89187fd2e4a5b5e5a41f6d

  • SHA512

    64a213810da854c068bef542888f105e174313a491085214ef8532db29ef082d7cf1099701453d1adc80d19f3fe1d87b273f5954e2e33a3ac3741580b19af8d7

  • SSDEEP

    3072:Sb+W58xl8dBMVYtfZvUCX44rj/Wodmo9o:18MVYtfZUKdm3

  Score

  10^/10

  xtremeratpersistenceratspyware

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Modifies Installed Components in the registry

    persistence

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2