General
- Target: 8c90518f43f6273b16f48630afdfe49f3398f35f1d63220f2cf2a7f5874fb7f0
- Size: 908KB
- Sample: 221124-d3y1wshf5z
- MD5: a7f9a55bffbeaac8a96a78f0bf868137
- SHA1: 5fc051b9cf2c110b190aaff637f49dbe9897354e
- SHA256: 8c90518f43f6273b16f48630afdfe49f3398f35f1d63220f2cf2a7f5874fb7f0
- SHA512: fa4178e8ab52b0c8c7d7928f37bf7b8853f8565034e85071c9e5380e93c0eea7a0f2ce12a9443e74b7c0ffb215490a70e5f015eb3dbd0af9029d22080c42bec7
- SSDEEP: 24576:0Qe4AbjVrgl03QH+NswNglXQ+5Rwn2Vc6hii:A4QjVra0I+6WKxwn2V9hN
Static task: static1
Behavioral task: behavioral1
- Sample: 8c90518f43f6273b16f48630afdfe49f3398f35f1d63220f2cf2a7f5874fb7f0.exe
- Resource: win7-20221111-en
Malware Config
Targets
- Target: 8c90518f43f6273b16f48630afdfe49f3398f35f1d63220f2cf2a7f5874fb7f0
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext