General
Target: 77e8c9237e35d00f33774f5aebd37606567b160ae615828796f372bf448a45be
Size: 932KB
Sample: 221124-d31jqahf6v
MD5: cbf6765e51d13344cb35aa29360e07e3
SHA1: 31e94508068ac287116a802e7d9e9df110c7f2cf
SHA256: 77e8c9237e35d00f33774f5aebd37606567b160ae615828796f372bf448a45be
SHA512: e0f70fccd9d0bdeb3547630550501af22943da9f1b18d5e83bc3f6981fef46b784f699f8f56c14bc7b6d30f01f39cbe5ab498aa4c2f58f169ad58c4f7e3c8a48
SSDEEP: 24576:ZD1T+tIEhyZiEPVp+VSp2xsZ5/GAOIIYIG1cZIxv0XBN:l1TFv8EdTp7OAOIFZaZxz
Static task: static1
Behavioral task: behavioral1
Sample: 77e8c9237e35d00f33774f5aebd37606567b160ae615828796f372bf448a45be.exe
Resource: win7-20221111-en
Malware Config
Extracted: xtremerat
ftp.ftpserver.com
Targets
Target: 77e8c9237e35d00f33774f5aebd37606567b160ae615828796f372bf448a45be
Size: 932KB
MD5: cbf6765e51d13344cb35aa29360e07e3
SHA1: 31e94508068ac287116a802e7d9e9df110c7f2cf
SHA256: 77e8c9237e35d00f33774f5aebd37606567b160ae615828796f372bf448a45be
SHA512: e0f70fccd9d0bdeb3547630550501af22943da9f1b18d5e83bc3f6981fef46b784f699f8f56c14bc7b6d30f01f39cbe5ab498aa4c2f58f169ad58c4f7e3c8a48
SSDEEP: 24576:ZD1T+tIEhyZiEPVp+VSp2xsZ5/GAOIIYIG1cZIxv0XBN:l1TFv8EdTp7OAOIFZaZxz
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext