Extracted

• • Target

    06f3f7d1ccf1fed824d94e30991c89db5010ecb05e9fb0f3f1e0fff1a859dca6

  • Size

    951KB

  • MD5

    0f83303755054eea65e7b87f0e10d43b

  • SHA1

    79e1832bf7c756130cf3bb9a72ef0442f8959114

  • SHA256

    06f3f7d1ccf1fed824d94e30991c89db5010ecb05e9fb0f3f1e0fff1a859dca6

  • SHA512

    f842f30fe6da7932e66484a44b5987c8d0f7044fa758f0d57b80416ae1781390f4eb4413a1855b4c5634e44ecf7f89b997e2846bbbab9e5516b75a4a83c683f1

  • SSDEEP

    24576:yhajSH6d4Hbz6I9QivMc1rMk3LP2raBLpYOT0T2:aaWH6d455vMcVMpS

  Score

  10^/10

  xtremeratbootkitpersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2