General
-
Target
7dae300e7940ce26176b822bd380c4f26e82572604679eb62370dde67f3e46af
-
Size
501KB
-
Sample
221122-3lbayagd6x
-
MD5
c23cf59cc8faa96fa1eccd9b5889de59
-
SHA1
f9c9ab50a19ad0063ee16d9923d2b22131f30e0d
-
SHA256
7dae300e7940ce26176b822bd380c4f26e82572604679eb62370dde67f3e46af
-
SHA512
cb8e1a5580ea853364d9eea1f7f0264ad7b09d0bb2669ddb2fadd8c717720e87112cd02067da03b54301864e318ebd335fcafea3a243d007b3bae77191ce28bc
-
SSDEEP
12288:LDN7uOZtbgbhT9z5LcdEKdWvuPmj3CAqaFD88:3sOZt0bhfLcZIuP83pqaV88
Static task
static1
Behavioral task
behavioral1
Sample
7dae300e7940ce26176b822bd380c4f26e82572604679eb62370dde67f3e46af.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
7dae300e7940ce26176b822bd380c4f26e82572604679eb62370dde67f3e46af.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
7dae300e7940ce26176b822bd380c4f26e82572604679eb62370dde67f3e46af
-
Score
10/10
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-