General
Target: ad792d3388b9d55ebb8fe5a79aec97b67cac275c9d65e0bf7e215ba8f8719de8
Size: 515KB
Sample: 221122-ztj19scc2s
MD5: 0ee3c04db009256f7b1e4ca95a932e86
SHA1: c01ff8fa748745c5704df17600cd1abd46f57a10
SHA256: ad792d3388b9d55ebb8fe5a79aec97b67cac275c9d65e0bf7e215ba8f8719de8
SHA512: 8453f561c2a1e80998de6ccc6bffbf3b5db3ec215ef15ee5018963b3e790bf9d33ece0224fabec0131cfa253a8175956f92094d730d68cf32a01613959acc7ee
SSDEEP: 12288:pVDNRR3by+eblK3vxVFihFbzwKiiLJ53+eYnd:pVDNRR3byp83vxihlVP3+eGd
Static task: static1
Behavioral task: behavioral1
  Sample: ad792d3388b9d55ebb8fe5a79aec97b67cac275c9d65e0bf7e215ba8f8719de8.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: ad792d3388b9d55ebb8fe5a79aec97b67cac275c9d65e0bf7e215ba8f8719de8.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: ad792d3388b9d55ebb8fe5a79aec97b67cac275c9d65e0bf7e215ba8f8719de8
Size: 515KB
MD5: 0ee3c04db009256f7b1e4ca95a932e86
SHA1: c01ff8fa748745c5704df17600cd1abd46f57a10
SHA256: ad792d3388b9d55ebb8fe5a79aec97b67cac275c9d65e0bf7e215ba8f8719de8
SHA512: 8453f561c2a1e80998de6ccc6bffbf3b5db3ec215ef15ee5018963b3e790bf9d33ece0224fabec0131cfa253a8175956f92094d730d68cf32a01613959acc7ee
SSDEEP: 12288:pVDNRR3by+eblK3vxVFihFbzwKiiLJ53+eYnd:pVDNRR3byp83vxihlVP3+eGd
Score: 10/10
- Modifies WinLogon for persistence
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Adds policy Run key to start application
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
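Four of the signatures above (Winlogon modification, Run key, policy Run key, location check) are registry-driven and can be reproduced from a stream of registry events. The script below is an added example, not part of the sandbox report or of Triage's own signature code: the registry paths it matches are assumed to be the ones each signature name refers to (the report does not print them), and the events it runs over are constructed for illustration.

```python
"""Added example (not part of the sandbox report): classify registry activity
against the report's persistence and geofence signatures. All events below are
constructed for illustration, and the key paths are assumed to be the ones the
signature names refer to; the report itself does not print them."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class RegEvent:
    key: str            # full registry path including hive
    value: str          # value name
    data: str = ""      # string data for a write; empty for a read
    op: str = "set"     # "set" (write) or "query" (read)


# Assumed locations behind the signature names on the page.
WINLOGON_RE = re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", re.I)
# Default Winlogon values on a clean Windows 7 / 10 host; anything else is suspicious.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}
RUN_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
POLICY_RUN_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run$", re.I)
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.I)


def classify(ev: RegEvent) -> Optional[str]:
    """Return the report signature an event corresponds to, or None."""
    name = ev.value.lower()
    if WINLOGON_RE.search(ev.key) and name in WINLOGON_DEFAULTS:
        # Shell/Userinit run at every logon; only a non-default write is persistence.
        if ev.op == "set" and ev.data.strip().lower() != WINLOGON_DEFAULTS[name]:
            return "Modifies WinLogon for persistence"
        return None
    if ev.op == "set" and POLICY_RUN_RE.search(ev.key):
        return "Adds policy Run key to start application"
    if ev.op == "set" and RUN_RE.search(ev.key):
        return "Adds Run key to start application"
    # Reading Geo\Nation is the country-code lookup behind the geofence signature.
    if ev.op == "query" and GEO_RE.search(ev.key) and name == "nation":
        return "Checks computer location settings"
    return None


def triage(events: List[RegEvent]) -> Dict[str, List[RegEvent]]:
    """Group matching events by signature, preserving the order first seen."""
    hits: Dict[str, List[RegEvent]] = {}
    for ev in events:
        sig = classify(ev)
        if sig is not None:
            hits.setdefault(sig, []).append(ev)
    return hits


# Constructed events resembling what a sandbox would log for a RAT that drops
# itself to a user-writable directory and registers at every known autostart.
DROPPED = r"C:\Users\victim\AppData\Roaming\InstallDir\Server.exe"
SAMPLE_EVENTS = [
    RegEvent(r"HKCU\Control Panel\International\Geo", "Nation", op="query"),
    RegEvent(r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell",
             "explorer.exe," + DROPPED),
    RegEvent(r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit",
             r"C:\Windows\system32\userinit.exe,"),          # unchanged default
    RegEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
             "HKCU", DROPPED),
    RegEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "HKCU", DROPPED),
    RegEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
             "Hidden", "2"),                                  # unrelated write, ignored
]


if __name__ == "__main__":
    for sig, evs in triage(SAMPLE_EVENTS).items():
        print(sig)
        for ev in evs:
            print(f"  {ev.op:5} {ev.key}\\{ev.value} = {ev.data!r}")
```

The Winlogon check compares against the stock Shell and Userinit values rather than flagging every write, which is what separates a RAT appending its dropped binary from a benign policy tool rewriting the same default; the Geo\Nation branch only fires on a read, since the sample is looking the value up, not setting it.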