General
Target: 06f37e158b39bcb7ce9c4836890c2555d330f73010ec98abeec60c72db7322fa
Size: 366KB
Sample: 221122-y1cebsbb2y
MD5: 82d7eb3b4c8b65f5a44ee29f227155a5
SHA1: c9daaf77168b664fcd2945c84f3b1fc583fcfdf2
SHA256: 06f37e158b39bcb7ce9c4836890c2555d330f73010ec98abeec60c72db7322fa
SHA512: aebfcb84612a377c200182d4f5f2d896012533eebd7fb5b57b33b1ba66bdc37a198071d125d9a336e5e7be13204ce1687a97f02fe92592c11f8cff560ec00cef
SSDEEP: 3072:fyRhFjcrBi3VjbYd8MUhYYYVYhYYYO7cdmuGehBi3VjbYd8MUhYYYVYhYYYO7cdH:aXFjcwJ9MUsdiJ9MUsdt/
Behavioral task: behavioral1
Sample: 06f37e158b39bcb7ce9c4836890c2555d330f73010ec98abeec60c72db7322fa.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 06f37e158b39bcb7ce9c4836890c2555d330f73010ec98abeec60c72db7322fa.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: xtremerat
oudy.no-ip.biz
Targets
Target: 06f37e158b39bcb7ce9c4836890c2555d330f73010ec98abeec60c72db7322fa (same sample and hashes as listed under General above)
Score: 10/10
- Detect XtremeRAT payload
- Modifies WinLogon for persistence
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Adds Run key to start application