General
-
Target
dacc9de494f7f8eac735092e7267225131e1f8e15fa8dab5c612e3b5badf2daa
-
Size
284KB
-
Sample
221122-3lxtyagd8w
-
MD5
c8749406aab80718b4f048bb00107c71
-
SHA1
da6cf5efa205495c5c0774586df9ccadff196940
-
SHA256
dacc9de494f7f8eac735092e7267225131e1f8e15fa8dab5c612e3b5badf2daa
-
SHA512
c115de8bacd7490a1256109d498dc6687549dfa42b590fc9931c2aa23d5b7c658f180a63fc46d0be4c142cbe25b29de0b0e34c7c3b65bd90b1d7fdfb0430b075
-
SSDEEP
6144:JzlQUFo0qQYYs+Mh40eniBpuBDjt9FX6M7Zud:5lQUF9pYX4nou1tD6Mm
Static task
static1
Behavioral task
behavioral1
Sample
dacc9de494f7f8eac735092e7267225131e1f8e15fa8dab5c612e3b5badf2daa.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
dacc9de494f7f8eac735092e7267225131e1f8e15fa8dab5c612e3b5badf2daa.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
xtremerat
amhi.no-ip.info
Targets
-
-
Target
dacc9de494f7f8eac735092e7267225131e1f8e15fa8dab5c612e3b5badf2daa
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-