General
- Target: 39ecc03892d92ca63c0393580cee198b7cdd3b6ce2be337aed947802c882753b
- Size: 519KB
- Sample: 221123-rxelyshg24
- MD5: b1415073293fa408b8c1a31bdc34fcc4
- SHA1: 37642c6145a1f451c88b710b8573bca7afa7ba81
- SHA256: 39ecc03892d92ca63c0393580cee198b7cdd3b6ce2be337aed947802c882753b
- SHA512: b48214ddc7006268a2c2f273602b70e45aca4e909025e44b41b890455e527f94bbf36796fac7e0b1af656cefdfab5d79dff85d31b14f310990bba0c72fddb25b
- SSDEEP: 12288:RnCOMDRxONM9eVXeHwv70Kd5hLVxKHx6KoUur6iQafK:RnCjDFHVKd5bKofhc
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 39ecc03892d92ca63c0393580cee198b7cdd3b6ce2be337aed947802c882753b.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: 39ecc03892d92ca63c0393580cee198b7cdd3b6ce2be337aed947802c882753b.exe
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted: xtremerat
  - alertsdanish.bounceme.net
  - alertsdanish.bounceme.net
Targets
- Target: 39ecc03892d92ca63c0393580cee198b7cdd3b6ce2be337aed947802c882753b
- Size: 519KB
- MD5: b1415073293fa408b8c1a31bdc34fcc4
- SHA1: 37642c6145a1f451c88b710b8573bca7afa7ba81
- SHA256: 39ecc03892d92ca63c0393580cee198b7cdd3b6ce2be337aed947802c882753b
- SHA512: b48214ddc7006268a2c2f273602b70e45aca4e909025e44b41b890455e527f94bbf36796fac7e0b1af656cefdfab5d79dff85d31b14f310990bba0c72fddb25b
- SSDEEP: 12288:RnCOMDRxONM9eVXeHwv70Kd5hLVxKHx6KoUur6iQafK:RnCjDFHVKd5bKofhc
- Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Adds Run key to start application
- Suspicious use of SetThreadContext