General
-
Target
efc70660f3245fd31ac838313e3acfe548c98d01e5d2f222e390dd93cf428d41
-
Size
586KB
-
Sample
221123-3w6jtsgg2t
-
MD5
54c94016cd16c8d60cf5d5438cafa901
-
SHA1
23e3269976ceddfe457a80720562a7c76d2b07bd
-
SHA256
efc70660f3245fd31ac838313e3acfe548c98d01e5d2f222e390dd93cf428d41
-
SHA512
7717ffb8f24ab0c6ba75021e1a9a2939dda95a48346feeaa2227fc5e9733e5c6527a28e17f8ba2a44c4a32ccbacce8b19c80459306b58c500d553fd8083469bd
-
SSDEEP
6144:T4dijU3/lFYgoHQG2IY/kWqOAJfy+morT4i4oz7JMHTozUVK+5EwqJjHgq:T+Mg4YMWYJfy2wFzuUcNw0jHg
Malware Config
Targets
-
-
Target
efc70660f3245fd31ac838313e3acfe548c98d01e5d2f222e390dd93cf428d41
-
Size
586KB
-
MD5
54c94016cd16c8d60cf5d5438cafa901
-
SHA1
23e3269976ceddfe457a80720562a7c76d2b07bd
-
SHA256
efc70660f3245fd31ac838313e3acfe548c98d01e5d2f222e390dd93cf428d41
-
SHA512
7717ffb8f24ab0c6ba75021e1a9a2939dda95a48346feeaa2227fc5e9733e5c6527a28e17f8ba2a44c4a32ccbacce8b19c80459306b58c500d553fd8083469bd
-
SSDEEP
6144:T4dijU3/lFYgoHQG2IY/kWqOAJfy+morT4i4oz7JMHTozUVK+5EwqJjHgq:T+Mg4YMWYJfy2wFzuUcNw0jHg
Score10/10-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-