General
Target: 396ffe37b73d3d8ca760aa6b834ec4efeef4841034ca53d50d435099abacba06
Size: 81KB
Sample: 221123-3hg93sce36
MD5: 5281506fcf188cfcc5c781455fbcd8b0
SHA1: d24c06f680c9e02447102431706748a5ef29c03c
SHA256: 396ffe37b73d3d8ca760aa6b834ec4efeef4841034ca53d50d435099abacba06
SHA512: dac0636f3658834f079c253127e39382be8265044eed293ecd7415aafd2c1502a54026af14ad51c229b6b246e6cc5ff8bd1bcfc53f30cba4c149987b9997875c
SSDEEP: 768:7Br+tjFqTPkAlfztB1lr6an3smTA8uvm2SzosAeEeU2FMQnrTx0LZu:VyRUHlrL1lr6an3TLuvm2eohr6MQreZ
Behavioral task: behavioral1
Sample: 396ffe37b73d3d8ca760aa6b834ec4efeef4841034ca53d50d435099abacba06.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 396ffe37b73d3d8ca760aa6b834ec4efeef4841034ca53d50d435099abacba06.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: xtremerat
saiddz.no-ip.info
Targets
Target: 396ffe37b73d3d8ca760aa6b834ec4efeef4841034ca53d50d435099abacba06
Size: 81KB
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory