General
-
Target
57637568b15294ca9adf7f6a1ea50dc6d9859a49a2bfda29c94dfea6665da0c8
-
Size
332KB
-
Sample
221122-y14tksbb41
-
MD5
d24c33ee501e9394725566229756f913
-
SHA1
ddad292f6d278bd7abcec49104a7876ba7d61aff
-
SHA256
57637568b15294ca9adf7f6a1ea50dc6d9859a49a2bfda29c94dfea6665da0c8
-
SHA512
e6936285b425cbbbb1394cec9aa6f3904c026008122e139b916b6793e086483b1f3d119a7e8bd95653fe5b0f33ddf27fc76ac0fe029768c5be89d9537d72cc73
-
SSDEEP
6144:nG/A6lH4tKDOzrEEEkO0S9VVV5EXndwZObHx0hYm6d8:nGI1tKAEEEBVVV5ENtriavd8
Static task
static1
Behavioral task
behavioral1
Sample
57637568b15294ca9adf7f6a1ea50dc6d9859a49a2bfda29c94dfea6665da0c8.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
57637568b15294ca9adf7f6a1ea50dc6d9859a49a2bfda29c94dfea6665da0c8.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
xtremerat
tron.3d-game.com
Targets
-
-
Target
57637568b15294ca9adf7f6a1ea50dc6d9859a49a2bfda29c94dfea6665da0c8
-
Size
332KB
-
MD5
d24c33ee501e9394725566229756f913
-
SHA1
ddad292f6d278bd7abcec49104a7876ba7d61aff
-
SHA256
57637568b15294ca9adf7f6a1ea50dc6d9859a49a2bfda29c94dfea6665da0c8
-
SHA512
e6936285b425cbbbb1394cec9aa6f3904c026008122e139b916b6793e086483b1f3d119a7e8bd95653fe5b0f33ddf27fc76ac0fe029768c5be89d9537d72cc73
-
SSDEEP
6144:nG/A6lH4tKDOzrEEEkO0S9VVV5EXndwZObHx0hYm6d8:nGI1tKAEEEBVVV5ENtriavd8
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-