General
- Target: f87408ebdf5ac0c037bcb70aecaeb7cb1ff03c1c574ee4172acac571168a0728
- Size: 515KB
- Sample: 221122-ztdjgsgg66
- MD5: fc597388e9659a66600e39273b973b81
- SHA1: 4239ff23a8cc849f10c13f6284d870eef5bf1c9f
- SHA256: f87408ebdf5ac0c037bcb70aecaeb7cb1ff03c1c574ee4172acac571168a0728
- SHA512: 20afba105703b56cfba285da0679c036bd4631aa6792d6f808f9028b28bfa17c7680e6aac198ef0de9c7ac5ad535673aa99d8951bd5d59ef8c2e6ca489e6a3da
- SSDEEP: 12288:JtDNRR3b4H0iPVxML0K8WY56FXaj9fg/gwfLxfodz2d9x+zE:JtDNRR3b4H0i9xDKHY5NqJLVqz2dWQ
Static task: static1
Behavioral task: behavioral1
- Sample: f87408ebdf5ac0c037bcb70aecaeb7cb1ff03c1c574ee4172acac571168a0728.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: f87408ebdf5ac0c037bcb70aecaeb7cb1ff03c1c574ee4172acac571168a0728.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: f87408ebdf5ac0c037bcb70aecaeb7cb1ff03c1c574ee4172acac571168a0728
Score: 10/10
- Modifies WinLogon for persistence
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Adds policy Run key to start application
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext