General
Target: d50aa22618e547ef5b0f05cdd694d57cd54554b0c8e3cb4b88c085d1d278bc20
Size: 188KB
Sample: 221123-3z7ajaha41
MD5: 43c75cbb2809f5d7aab9f58e0784f018
SHA1: 481e0b2a1a2d20d7977cb0ec2cf21a60ff3322d5
SHA256: d50aa22618e547ef5b0f05cdd694d57cd54554b0c8e3cb4b88c085d1d278bc20
SHA512: eb218b9d66110f7a0533041ea4247bcd0beba64015b38317befaa4f60498c7dc2d6c5a15e7ddfdeef14d1f42fc850ec01cbc230d99bd902831ea3924a4fe4454
SSDEEP: 3072:t9tN1Gs6kWVUzLZPsR7Uj30PlmaiKVOdHYxcvSbxlPH9kkEVSJj16b0s:tXNwszWuZPET9maVQHY9PPH9Gcn6Z
Static task: static1
Behavioral task: behavioral1
  Sample: d50aa22618e547ef5b0f05cdd694d57cd54554b0c8e3cb4b88c085d1d278bc20.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: d50aa22618e547ef5b0f05cdd694d57cd54554b0c8e3cb4b88c085d1d278bc20.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: xtremerat
  apple.servehttp.com
Targets
Target: d50aa22618e547ef5b0f05cdd694d57cd54554b0c8e3cb4b88c085d1d278bc20
Size: 188KB
MD5: 43c75cbb2809f5d7aab9f58e0784f018
SHA1: 481e0b2a1a2d20d7977cb0ec2cf21a60ff3322d5
SHA256: d50aa22618e547ef5b0f05cdd694d57cd54554b0c8e3cb4b88c085d1d278bc20
SHA512: eb218b9d66110f7a0533041ea4247bcd0beba64015b38317befaa4f60498c7dc2d6c5a15e7ddfdeef14d1f42fc850ec01cbc230d99bd902831ea3924a4fe4454
SSDEEP: 3072:t9tN1Gs6kWVUzLZPsR7Uj30PlmaiKVOdHYxcvSbxlPH9kkEVSJj16b0s:tXNwszWuZPET9maVQHY9PPH9Gcn6Z
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext