General
Target: 87380a16b610d4d3be2038a2e83092d1dfb546a205a8523ba4fd5b4ed5fec973
Size: 1.1MB
Sample: 221123-3g4rpaff5z
MD5: 5383cae2374791840069b911f39b69e4
SHA1: 370e8a25738dd02d08c72bda5e57b0d8a24d34a2
SHA256: 87380a16b610d4d3be2038a2e83092d1dfb546a205a8523ba4fd5b4ed5fec973
SHA512: dd5e309281a6d7a52bd4c965fa43eeef81419d053128046e307c6d6225761dcdfb2fa2b053cd86d14629b72581372a318f7c0202ec4e9bf2788bdbac37e84f56
SSDEEP: 24576:JXsbhw7CBsydWW9mckMFTog+sfqgXCQ8LqZw6/ZF0A8:OVwuIWgBMFTLJPwGZx/Zi
Static task: static1
Behavioral task: behavioral1
  Sample: 87380a16b610d4d3be2038a2e83092d1dfb546a205a8523ba4fd5b4ed5fec973.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 87380a16b610d4d3be2038a2e83092d1dfb546a205a8523ba4fd5b4ed5fec973.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: xtremerat
  123boof.no-ip.org
Targets
Target: 87380a16b610d4d3be2038a2e83092d1dfb546a205a8523ba4fd5b4ed5fec973
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Drops file in System32 directory
- Suspicious use of SetThreadContext