General
Target: 0c83b42fd3f9fb9a44a9feb18b690973c8fd7a3bde0fd8a47eb478e748947221
Size: 876KB
Sample: 221123-3hs2ksff9t
MD5: 4ae275670844065c23d70ade5a1f6e62
SHA1: 18155edbe27307eee8bfeaf58e3c3884437b1bb8
SHA256: 0c83b42fd3f9fb9a44a9feb18b690973c8fd7a3bde0fd8a47eb478e748947221
SHA512: 523444b5b22bb82d31afd91cc6434f893e0f337ea07a04be234ecb59d2db4f0c0372f7b107b8190fe6d2daf0b2fd3913882ab0fdbf1420e229b2bf7ec303cefd
SSDEEP: 24576:Nkk96WyWi+v6XiEAvXgRZ5IeRFkApvl/+ga5AJeKBuY:N99eWi+C1AvER3kqvtLwAnBT
Static task: static1
Behavioral task: behavioral1
Sample: 0c83b42fd3f9fb9a44a9feb18b690973c8fd7a3bde0fd8a47eb478e748947221.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 0c83b42fd3f9fb9a44a9feb18b690973c8fd7a3bde0fd8a47eb478e748947221.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
xtremerat
qosai.no-ip.org
Targets
Score: 10/10
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory