General
Target: 400e8b0fd641e92c9cea4b65da40a61a4acfee86be7ebdd6d1bbbf32d3022c3d
Size: 466KB
Sample: 221123-3hdxnaff7t
MD5: 1590baae4e915db175799db8faade9a0
SHA1: 07b4473240dcad3a790a9c8db0a2b721ae0caf4d
SHA256: 400e8b0fd641e92c9cea4b65da40a61a4acfee86be7ebdd6d1bbbf32d3022c3d
SHA512: 76805fb767317fb33b5ed757ac6ee4010f89207221dddd08e37048e9e126d7459e8895be21a30c8032a491ac839e5dfd3c91a390572f827547665f1dabd6fc12
SSDEEP: 6144:swW8yscx1kmW3TaW8a1m/2amPH9KNjzkY5xtEQD+Gx:LyNxKIW8nJ
Behavioral task: behavioral1
Sample: 400e8b0fd641e92c9cea4b65da40a61a4acfee86be7ebdd6d1bbbf32d3022c3d.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 400e8b0fd641e92c9cea4b65da40a61a4acfee86be7ebdd6d1bbbf32d3022c3d.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: xtremerat
grymtn.no-ip.org
Targets
Target: 400e8b0fd641e92c9cea4b65da40a61a4acfee86be7ebdd6d1bbbf32d3022c3d
Size: 466KB
MD5: 1590baae4e915db175799db8faade9a0
SHA1: 07b4473240dcad3a790a9c8db0a2b721ae0caf4d
SHA256: 400e8b0fd641e92c9cea4b65da40a61a4acfee86be7ebdd6d1bbbf32d3022c3d
SHA512: 76805fb767317fb33b5ed757ac6ee4010f89207221dddd08e37048e9e126d7459e8895be21a30c8032a491ac839e5dfd3c91a390572f827547665f1dabd6fc12
SSDEEP: 6144:swW8yscx1kmW3TaW8a1m/2amPH9KNjzkY5xtEQD+Gx:LyNxKIW8nJ
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Modifies Installed Components in the registry
- Adds Run key to start application
- Drops file in System32 directory