General
-
Target
976b1396d47b9a779ea9ae13bbdbea849b52b99eebf6283b87a131652bb0abc1
-
Size
980KB
-
Sample
221124-1txsssbh75
-
MD5
8ee88bdcb3c3fb09c46627088f9e28e2
-
SHA1
faf8e93a3043a2e3686141cfb68877f8f33de08d
-
SHA256
976b1396d47b9a779ea9ae13bbdbea849b52b99eebf6283b87a131652bb0abc1
-
SHA512
ea6370412e3d11ec65ecb6960f3536d146f79b2362fdc65d6742f168be57b4d35849dfd74f54427a1e1e6761eb55ddbf83159c409c913472e033c0f316e6c1cb
-
SSDEEP
24576:YW/Rll6XzxqK04CmkA8YCzjp2J2mU391BW1mGb4p00/D:XllQzx1mlhY2m89kxk/D
Malware Config
Targets
-
-
Target
976b1396d47b9a779ea9ae13bbdbea849b52b99eebf6283b87a131652bb0abc1
-
Size
980KB
-
MD5
8ee88bdcb3c3fb09c46627088f9e28e2
-
SHA1
faf8e93a3043a2e3686141cfb68877f8f33de08d
-
SHA256
976b1396d47b9a779ea9ae13bbdbea849b52b99eebf6283b87a131652bb0abc1
-
SHA512
ea6370412e3d11ec65ecb6960f3536d146f79b2362fdc65d6742f168be57b4d35849dfd74f54427a1e1e6761eb55ddbf83159c409c913472e033c0f316e6c1cb
-
SSDEEP
24576:YW/Rll6XzxqK04CmkA8YCzjp2J2mU391BW1mGb4p00/D:XllQzx1mlhY2m89kxk/D
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-