General
-
Target
96fff1d8e819a6f87c10e54b7c14caa75965e5eacd6b6e260f998f6c87ce9b84
-
Size
984KB
-
Sample
221124-1vh12afa81
-
MD5
6edee3f6a9eee3733d27991a3a6d5608
-
SHA1
47eb27c4e6f1e86e45eedd63f744aa7c426b3918
-
SHA256
96fff1d8e819a6f87c10e54b7c14caa75965e5eacd6b6e260f998f6c87ce9b84
-
SHA512
ae4e927c5d808292359b34eacf44ebc0d0ecf107c60e209555afaf596ff17d19acced2195229c8eca214dc4320739ef68cf9087182f89dd65a31e248f84255de
-
SSDEEP
24576:YN74AuHCuqcpjN0Va63ViVIOqccf5RTNRXkdOGObsOm:mMAICuqcv0wNIvVN9kdOGObZm
Static task
static1
Behavioral task
behavioral1
Sample
96fff1d8e819a6f87c10e54b7c14caa75965e5eacd6b6e260f998f6c87ce9b84.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
96fff1d8e819a6f87c10e54b7c14caa75965e5eacd6b6e260f998f6c87ce9b84.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
96fff1d8e819a6f87c10e54b7c14caa75965e5eacd6b6e260f998f6c87ce9b84
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-