Extracted

• • Target

    33398ed32c539bc45a33b394a03d054c13db10e32b294627ba3da04737dff3a9

  • Size

    712KB

  • MD5

    0d6542d9d1dadd5fddf51a0302231258

  • SHA1

    9aae90db2ac05caf13a835c288850653cbf36584

  • SHA256

    33398ed32c539bc45a33b394a03d054c13db10e32b294627ba3da04737dff3a9

  • SHA512

    bbef96545cae9b67816d101026f94db5b26066010cabf658e68ecdabd148cbdf11e71827ce3fbb9c7465d1636a64d6aa0e3bbcc1c24c0459187c5f9a8c18ff66

  • SSDEEP

    12288:bOqBSPmJ7uD4vqQOqCg/0+cdEuH8uitp4xieV31K93u:yCSCOTRdEuUpJGl3

  Score

  10^/10

  xtremeratpersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Executes dropped EXE

  • Modifies Installed Components in the registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2