General
-
Target
117b9947e15345993b9fcf22de7f79264f1f4d67bcd567355a75324471e4e808
-
Size
129KB
-
Sample
221122-y1gztaff73
-
MD5
d9c503eb7498a6299be20e0acc6aa398
-
SHA1
f73b5685baa6107722e4c8d27aa1db67987d3920
-
SHA256
117b9947e15345993b9fcf22de7f79264f1f4d67bcd567355a75324471e4e808
-
SHA512
432e26037ee998166c068dc14a7cef52256689a244659b772a0ba262153d9fc3b47c314737488d10793358d9f136dd329fc03b08f785ab0216059a6861c42f89
-
SSDEEP
3072:qtF5CpZX9I59eHG3vbpv5GWl+raBIpPQMPoBgEAQIIX:qrMpdesovbXOraBCDoxAE
Behavioral task
behavioral1
Sample
117b9947e15345993b9fcf22de7f79264f1f4d67bcd567355a75324471e4e808.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
117b9947e15345993b9fcf22de7f79264f1f4d67bcd567355a75324471e4e808.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
xtremerat
oudy.no-ip.biz
Targets
-
-
Target
117b9947e15345993b9fcf22de7f79264f1f4d67bcd567355a75324471e4e808
-
Size
129KB
-
MD5
d9c503eb7498a6299be20e0acc6aa398
-
SHA1
f73b5685baa6107722e4c8d27aa1db67987d3920
-
SHA256
117b9947e15345993b9fcf22de7f79264f1f4d67bcd567355a75324471e4e808
-
SHA512
432e26037ee998166c068dc14a7cef52256689a244659b772a0ba262153d9fc3b47c314737488d10793358d9f136dd329fc03b08f785ab0216059a6861c42f89
-
SSDEEP
3072:qtF5CpZX9I59eHG3vbpv5GWl+raBIpPQMPoBgEAQIIX:qrMpdesovbXOraBCDoxAE
Score10/10-
Detect XtremeRAT payload
-
Modifies WinLogon for persistence
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-