General
Target: 4f01b9e2f9f4931d83145b02dca0c2cfda4d170fe2f7a1c179038c29c7385ebc
Size: 324KB
Sample: 221122-y1a69sff63
MD5: d864cbadc1bc50bdde428f2da344a587
SHA1: 520bca2211138e07c2e4f35f68577be66814154f
SHA256: 4f01b9e2f9f4931d83145b02dca0c2cfda4d170fe2f7a1c179038c29c7385ebc
SHA512: 39b6d1d8689e6ab2f3d525f2eb0d7229b5a6420c3816bfe2a391196de652f2195b7f817e1dae6f4fd9cef63dc674ecf071e4ef7587526088c0f48a7a721113e6
SSDEEP: 3072:fyRhFjcGcqCksRp9IILZ9U652V4l4aAeHjw68Ywajih0aU4nWcqCksRp9IILZ9Up:aXFjc/jUEFPYjUEFPRa
Behavioral task: behavioral1
Sample: 4f01b9e2f9f4931d83145b02dca0c2cfda4d170fe2f7a1c179038c29c7385ebc.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4f01b9e2f9f4931d83145b02dca0c2cfda4d170fe2f7a1c179038c29c7385ebc.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: xtremerat
oudy.no-ip.biz
Targets
Target: 4f01b9e2f9f4931d83145b02dca0c2cfda4d170fe2f7a1c179038c29c7385ebc
Size: 324KB
MD5: d864cbadc1bc50bdde428f2da344a587
SHA1: 520bca2211138e07c2e4f35f68577be66814154f
SHA256: 4f01b9e2f9f4931d83145b02dca0c2cfda4d170fe2f7a1c179038c29c7385ebc
SHA512: 39b6d1d8689e6ab2f3d525f2eb0d7229b5a6420c3816bfe2a391196de652f2195b7f817e1dae6f4fd9cef63dc674ecf071e4ef7587526088c0f48a7a721113e6
SSDEEP: 3072:fyRhFjcGcqCksRp9IILZ9U652V4l4aAeHjw68Ywajih0aU4nWcqCksRp9IILZ9Up:aXFjc/jUEFPYjUEFPRa
Score: 10/10
Detect XtremeRAT payload
Modifies WinLogon for persistence
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Adds policy Run key to start application
Modifies Installed Components in the registry
Adds Run key to start application