General
Target: 6c0ab4d10fd8ffa56522e328f91155e394948bddebed777b4e1f3812dc94ecdd
Size: 192KB
Sample: 221122-y1j46sbb3v
MD5: cc9b73a49c606d42b6bbe622e42ae808
SHA1: b16d29137f5ab35b362cd0dfd3c0569b653363fb
SHA256: 6c0ab4d10fd8ffa56522e328f91155e394948bddebed777b4e1f3812dc94ecdd
SHA512: 0ab1567b7c0850a5391b6ace6e438daab51fcbb1b161c5c74d2fe1f1cc9582b64f60767331f3bc28b633ccec9a66edd7aba71ee83fe446d63f33a367981ba2aa
SSDEEP: 3072:EZdpfSsrUs4uWo1C8fIQbSJWirMkRer4Jr4eqHfCkrZZ3F+aVE9g:EzpfSsrUs45Qb+WIaQrmHfCoZsaA
Static task: static1
Behavioral task: behavioral1
  Sample: 6c0ab4d10fd8ffa56522e328f91155e394948bddebed777b4e1f3812dc94ecdd.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 6c0ab4d10fd8ffa56522e328f91155e394948bddebed777b4e1f3812dc94ecdd.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: xtremerat
  volkov2014.ddns.net
Targets
Target: 6c0ab4d10fd8ffa56522e328f91155e394948bddebed777b4e1f3812dc94ecdd
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Modifies Installed Components in the registry
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext