General
- Target: df99c9b15fa52468a639c6b488d71041c3259b04a9713531996a2c0235326a99
- Size: 21KB
- Sample: 221124-d3x4lahf5x
- MD5: 86956c0ee2b0aef3f31788c3f86d56d6
- SHA1: 2ffd2c08ba51c6f9898a56d34b1fb0ad76b4654b
- SHA256: df99c9b15fa52468a639c6b488d71041c3259b04a9713531996a2c0235326a99
- SHA512: 3d0af6dc90f4bc626b63de11b0b0018b9adfd49091659cd52cd88f572b389ea0501bd56ec771ddaa54e8b8ea3743455a1f5da84f93edcc7931dcb5d03f57bb79
- SSDEEP: 384:QlIdmF+TXCsj0DOgEm6/glRXC+MGCIe/fobROTinQP8NRLR:QlIsF8ysqjGWyjkCgRO0ya
Behavioral task: behavioral1
- Sample: df99c9b15fa52468a639c6b488d71041c3259b04a9713531996a2c0235326a99.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: df99c9b15fa52468a639c6b488d71041c3259b04a9713531996a2c0235326a99.exe
- Resource: win10v2004-20220812-en
Malware Config (Extracted)
- xtremerat
- kobani11.no-ip.org
Targets
- Target: df99c9b15fa52468a639c6b488d71041c3259b04a9713531996a2c0235326a99
- Size: 21KB
- MD5: 86956c0ee2b0aef3f31788c3f86d56d6
- SHA1: 2ffd2c08ba51c6f9898a56d34b1fb0ad76b4654b
- SHA256: df99c9b15fa52468a639c6b488d71041c3259b04a9713531996a2c0235326a99
- SHA512: 3d0af6dc90f4bc626b63de11b0b0018b9adfd49091659cd52cd88f572b389ea0501bd56ec771ddaa54e8b8ea3743455a1f5da84f93edcc7931dcb5d03f57bb79
- SSDEEP: 384:QlIdmF+TXCsj0DOgEm6/glRXC+MGCIe/fobROTinQP8NRLR:QlIsF8ysqjGWyjkCgRO0ya
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application