General
Target: 545db24961a2e96ce9ad8c202b4a7b44e6d625feaabff7ced60ccffb8e4e81cc
Size: 555KB
Sample: 221122-y1srbaff83
MD5: 2d996bf8b4d9193a83089eef92c3cf97
SHA1: 298c7901f97ea9df2d152f04bb0da959047894af
SHA256: 545db24961a2e96ce9ad8c202b4a7b44e6d625feaabff7ced60ccffb8e4e81cc
SHA512: 17753f66afc7e83e2e44a2f93a992cffa6eacc480f59404d3c23e11d154f40d294db201e818071e2b7a32a951c8850778ecfb46761974de80b019ec1dd6094ea
SSDEEP: 12288:c6Wq4aaE6KwyF5L0Y2D1PqLUodnFAWTC9wLka77h0fN8tO47IcIl:athEVaPqLbPTSY/0fR4fO
Behavioral task: behavioral1
Sample: 545db24961a2e96ce9ad8c202b4a7b44e6d625feaabff7ced60ccffb8e4e81cc.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 545db24961a2e96ce9ad8c202b4a7b44e6d625feaabff7ced60ccffb8e4e81cc.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
xtremerat
C:\Prograp1215.servemp3.com
Targets
Target: 545db24961a2e96ce9ad8c202b4a7b44e6d625feaabff7ced60ccffb8e4e81cc
Size: 555KB
MD5: 2d996bf8b4d9193a83089eef92c3cf97
SHA1: 298c7901f97ea9df2d152f04bb0da959047894af
SHA256: 545db24961a2e96ce9ad8c202b4a7b44e6d625feaabff7ced60ccffb8e4e81cc
SHA512: 17753f66afc7e83e2e44a2f93a992cffa6eacc480f59404d3c23e11d154f40d294db201e818071e2b7a32a951c8850778ecfb46761974de80b019ec1dd6094ea
SSDEEP: 12288:c6Wq4aaE6KwyF5L0Y2D1PqLUodnFAWTC9wLka77h0fN8tO47IcIl:athEVaPqLbPTSY/0fR4fO
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext