General
- Target: b50672ace6a1db5fd44b15f7b3371593fa1ca3db8252f5c6554c92b7b12e8e5d
- Size: 555KB
- Sample: 221124-aam65sdg88
- MD5: 9f5f5c8fe620087d70fd743a2ab21c99
- SHA1: ceda310cff34f3eae469c0182514a3fdcb537b96
- SHA256: b50672ace6a1db5fd44b15f7b3371593fa1ca3db8252f5c6554c92b7b12e8e5d
- SHA512: 65319052646c058fa9d14d0c6d14c6892db528f94a5d15ee9129772ca1c1e0ab33d31fb829655291d548761d2128efed08ad63c5fd5679901af8aa32882dc5a5
- SSDEEP: 12288:X6Wq4aaE6KwyF5L0Y2D1PqLUoyCSp89ZxK5xrc2Hc8:1thEVaPqLbyPpUxKTo8
Behavioral task: behavioral1
- Sample: b50672ace6a1db5fd44b15f7b3371593fa1ca3db8252f5c6554c92b7b12e8e5d.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: b50672ace6a1db5fd44b15f7b3371593fa1ca3db8252f5c6554c92b7b12e8e5d.exe
- Resource: win10v2004-20221111-en
Malware Config
- Extracted: xtremerat
- rap1215.servemp3.com
Targets
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext