General
- Target: 784760025ab16be9cb04f1a5aed2dfbf46c1a3a5bf9415854c40975972ff6087
- Size: 984KB
- Sample: 221124-3jb5fsag8x
- MD5: b9c359c50e9eae0510f482e9beb70a22
- SHA1: e8557e38f7c292847fc17c890f55d2e7d38053c8
- SHA256: 784760025ab16be9cb04f1a5aed2dfbf46c1a3a5bf9415854c40975972ff6087
- SHA512: 517ca9aa7c12c3d159e9ad1ff52724d9f0d6ab1c3455043833ad13d0107adfbb8c76569ea7a1217fb107ade3019f0ccb19582226c8aac593c12dfa25f3708ddc
- SSDEEP: 12288:YMXh9i82/wsLLC67/gjiMx585zHcF0CkoHYM0pk/bHLkXC7XrT4iiHyk7DHChxtg:YMxg/ZCu5oFZiM7DQXEd9ODHChXjHuyO
Static task: static1
Behavioral task: behavioral1
- Sample: 784760025ab16be9cb04f1a5aed2dfbf46c1a3a5bf9415854c40975972ff6087.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 784760025ab16be9cb04f1a5aed2dfbf46c1a3a5bf9415854c40975972ff6087.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext