General
- Target: cfda7f297276d61aea2a64447e97237504b4e87fea2543d968a97d02d59c46c4
- Size: 646KB
- Sample: 221124-bw9gyaaa57
- MD5: fac9fe795014ff2760a485836bce4f3e
- SHA1: 1a00b3edc541d3514a2b5efef2e9dcfd7c34160a
- SHA256: cfda7f297276d61aea2a64447e97237504b4e87fea2543d968a97d02d59c46c4
- SHA512: a3edf1ab89629a3278f7197f576d37163236cb93e01df511ac686b0d2b0bd6ef65a839387e43d9aebce7e57a72c407b3b791859632ce95880b44a12989192209
- SSDEEP: 12288:FmdibbI6DagCtX2UGsSjP+Yw0ODICU9jZ8Y7W4tJX:s3o+m/nPOD4f8YCsX
Static task: static1
Behavioral task: behavioral1
- Sample: cfda7f297276d61aea2a64447e97237504b4e87fea2543d968a97d02d59c46c4.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: cfda7f297276d61aea2a64447e97237504b4e87fea2543d968a97d02d59c46c4.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: cfda7f297276d61aea2a64447e97237504b4e87fea2543d968a97d02d59c46c4
Score: 10/10
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Adds policy Run key to start application
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext