General
-
Target
ae106dc102a73a883499ebae75fb7a096d69d3ed10278051e36a036a957bb7d6
-
Size
144KB
-
Sample
221123-3g356acd94
-
MD5
509306ae615754cbd2973b0c40061b0b
-
SHA1
194e47847e742bab20550b40685624ff65b30fb1
-
SHA256
ae106dc102a73a883499ebae75fb7a096d69d3ed10278051e36a036a957bb7d6
-
SHA512
14f348da9fdf8bdedf91e5d1e3ca8ce812e9529034b5da29cbcdbc42764918aa685e0ec1d51f5cebd5b8746cb57b1ea9d17556f389ab1b9bfdf9a637a3ddc30c
-
SSDEEP
1536:ZvwcR3Wok7iIoqh4jWpqMF8MurK3y7GkqXXgCHHJxs:ZvF/k7j5KOFrjYGzXXfHp2
Static task
static1
Behavioral task
behavioral1
Sample
ae106dc102a73a883499ebae75fb7a096d69d3ed10278051e36a036a957bb7d6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ae106dc102a73a883499ebae75fb7a096d69d3ed10278051e36a036a957bb7d6.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
xtremerat
sajenhaker.no-ip.info
Targets
-
-
Target
ae106dc102a73a883499ebae75fb7a096d69d3ed10278051e36a036a957bb7d6
-
Size
144KB
-
MD5
509306ae615754cbd2973b0c40061b0b
-
SHA1
194e47847e742bab20550b40685624ff65b30fb1
-
SHA256
ae106dc102a73a883499ebae75fb7a096d69d3ed10278051e36a036a957bb7d6
-
SHA512
14f348da9fdf8bdedf91e5d1e3ca8ce812e9529034b5da29cbcdbc42764918aa685e0ec1d51f5cebd5b8746cb57b1ea9d17556f389ab1b9bfdf9a637a3ddc30c
-
SSDEEP
1536:ZvwcR3Wok7iIoqh4jWpqMF8MurK3y7GkqXXgCHHJxs:ZvF/k7j5KOFrjYGzXXfHp2
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-