General
Target: 5de44eb25e2d369e5f8741b2c9cd38b206dc0509843f82ecbdd0e6b22751a115
Size: 75KB
Sample: 221123-3mp6gscg73
MD5: 44849a4fcbdfb3bffd8278a604b9f5f3
SHA1: b659e99bcb83ebef6bb4de55ea166ec5b7b0d8aa
SHA256: 5de44eb25e2d369e5f8741b2c9cd38b206dc0509843f82ecbdd0e6b22751a115
SHA512: e28ecd335f5591a1e77f590058baf4d25c5cbc08ea156be03f0ca9a4de340785515dbbe97c230944d10fec3984d04a64a67bec64827c212fe6707337ed8b9558
SSDEEP: 768:jq/sRc77k+TNQGSWbgLa1pSqWYjNtI/7OYpu/lj3Yle7mWx4:LRc77dBKLaPjHI/7nMke7rx4
Static task: static1
Behavioral task: behavioral1
  Sample: 5de44eb25e2d369e5f8741b2c9cd38b206dc0509843f82ecbdd0e6b22751a115.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 5de44eb25e2d369e5f8741b2c9cd38b206dc0509843f82ecbdd0e6b22751a115.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
xtremerat
baloobadjamel.hopto.org
Targets
Target: 5de44eb25e2d369e5f8741b2c9cd38b206dc0509843f82ecbdd0e6b22751a115
Size: 75KB
MD5: 44849a4fcbdfb3bffd8278a604b9f5f3
SHA1: b659e99bcb83ebef6bb4de55ea166ec5b7b0d8aa
SHA256: 5de44eb25e2d369e5f8741b2c9cd38b206dc0509843f82ecbdd0e6b22751a115
SHA512: e28ecd335f5591a1e77f590058baf4d25c5cbc08ea156be03f0ca9a4de340785515dbbe97c230944d10fec3984d04a64a67bec64827c212fe6707337ed8b9558
SSDEEP: 768:jq/sRc77k+TNQGSWbgLa1pSqWYjNtI/7OYpu/lj3Yle7mWx4:LRc77dBKLaPjHI/7nMke7rx4
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Modifies Installed Components in the registry
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext