General
- Target: d160bb35aa8ab63ebde79b69d57ebb0494245d64e02c6be58be83daafe36b0ab
- Size: 160KB
- Sample: 221123-3g7tcace22
- MD5: 523f8ed4cb735afe3426386e9e3be1b0
- SHA1: 991bae19650f8b2b168b453032bd3a3d618e417f
- SHA256: d160bb35aa8ab63ebde79b69d57ebb0494245d64e02c6be58be83daafe36b0ab
- SHA512: 67598340760dabbe473ae8703cf14acd2c4252c9b3a492c4d8adc90e477668b7622917f187c132ad2851b4386a183174cb394c81719ddf0288154a5056a88432
- SSDEEP: 3072:A1hFYA1Xj4i9QMRdMYS4RHjQqM457ClbhW2:wXj4eoYSYDQp4VKb82
Static task: static1
Behavioral task: behavioral1
- Sample: d160bb35aa8ab63ebde79b69d57ebb0494245d64e02c6be58be83daafe36b0ab.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: d160bb35aa8ab63ebde79b69d57ebb0494245d64e02c6be58be83daafe36b0ab.exe
- Resource: win10v2004-20221111-en
Malware Config (extracted)
- xtremerat
- dengermada.no-ip.biz
Targets
- Target: d160bb35aa8ab63ebde79b69d57ebb0494245d64e02c6be58be83daafe36b0ab
- Size: 160KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above.)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application