General
Target: 846b3f1522c68578f04fb68b210492627893479021a243b5df448a78bc63e560
Size: 698KB
Sample: 221123-q4c62aaf4x
MD5: adf1f2cfd32c1e295965d5c1ccc5f77c
SHA1: 6771f86fdb99b7c89b3274405d297346f86633b4
SHA256: 846b3f1522c68578f04fb68b210492627893479021a243b5df448a78bc63e560
SHA512: 7eb514fc297a86a3e4f691d44c10fae698255798c7e5b4f90db453e79dde8ee3ad59783fc3c34354a1ff0bf7cc8697a0b9d039e25821f33f75cae70150323fd3
SSDEEP: 6144:7LbQJpSvFg8XfhHRZK8Y6XcfefT+OR+t4x55+flOwql97zYPQqcLLBQi8nv2hzVC:7HQJl63+G5OOwqLcPL0Bs2yhQRk0rbw
Static task: static1
Behavioral task: behavioral1
  Sample: 846b3f1522c68578f04fb68b210492627893479021a243b5df448a78bc63e560.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 846b3f1522c68578f04fb68b210492627893479021a243b5df448a78bc63e560.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 846b3f1522c68578f04fb68b210492627893479021a243b5df448a78bc63e560
Score: 10/10
- Modifies WinLogon for persistence
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext