General
-
Target
861ea0e7eb60c9036ee195825f14062347af99c431cb92be2523af566f794ab2
-
Size
920KB
-
Sample
221124-d3zmeshf51
-
MD5
a6424cb2dc93f49f745ce9f799063583
-
SHA1
bbc2b029048ab645224e4549215f5037e3a88ca0
-
SHA256
861ea0e7eb60c9036ee195825f14062347af99c431cb92be2523af566f794ab2
-
SHA512
587cde8583a4bc82a62d36e1e54372eda1bfffa211a6c81b20ac442ffd6dd3be007fffc9063549b85f6fb6f55739baf4145a841c3bc05b0ed8065f867580d0bb
-
SSDEEP
24576:nsNQ0Pn0kglhVLbAP7+m65XioDg0S0hQ3:920rFLbC6hieg0S08
Static task
static1
Behavioral task
behavioral1
Sample
861ea0e7eb60c9036ee195825f14062347af99c431cb92be2523af566f794ab2.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
861ea0e7eb60c9036ee195825f14062347af99c431cb92be2523af566f794ab2
-
Size
920KB
-
MD5
a6424cb2dc93f49f745ce9f799063583
-
SHA1
bbc2b029048ab645224e4549215f5037e3a88ca0
-
SHA256
861ea0e7eb60c9036ee195825f14062347af99c431cb92be2523af566f794ab2
-
SHA512
587cde8583a4bc82a62d36e1e54372eda1bfffa211a6c81b20ac442ffd6dd3be007fffc9063549b85f6fb6f55739baf4145a841c3bc05b0ed8065f867580d0bb
-
SSDEEP
24576:nsNQ0Pn0kglhVLbAP7+m65XioDg0S0hQ3:920rFLbC6hieg0S08
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
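The two registry-based signatures above (VirtualBox ACPI values, Wine keys) fire on well-known registry probes. The following Python is an added example written for this page, not the sample's own code and not the sandbox's detection rule: it reproduces the check so an analyst can see exactly which keys such a signature is keyed on. The key paths are the ones commonly used by anti-VM tooling (e.g. pafish); the report does not enumerate them, so treat the list as an assumption. The probe is injected as a callable so the logic runs offline against a constructed registry snapshot; on a Windows host the same function can be driven by winreg.

```python
"""
Reproduce the report's two registry-based environment checks:
  - "Identifies VirtualBox via ACPI registry values"
  - "Identifies Wine through registry keys"
Added example, not code from the sample or from the sandbox. The probe is
injected so the detection logic can run offline against a constructed snapshot.
"""
import sys
from typing import Callable, Dict, Iterable, List, Tuple

# Registry locations commonly checked by anti-VM / anti-Wine code (assumption:
# taken from public anti-analysis tooling, not enumerated by the report).
VBOX_ACPI_KEYS = [
    ("HKLM", r"HARDWARE\ACPI\DSDT\VBOX__"),
    ("HKLM", r"HARDWARE\ACPI\FADT\VBOX__"),
    ("HKLM", r"HARDWARE\ACPI\RSDT\VBOX__"),
]
WINE_KEYS = [
    ("HKCU", r"Software\Wine"),
    ("HKLM", r"Software\Wine"),
]

Probe = Callable[[str, str], bool]


def detect_environment(key_exists: Probe) -> Dict[str, List[str]]:
    """Return which VirtualBox ACPI keys and Wine keys are present.

    key_exists(hive, path) -> bool is supplied by the caller, so the same
    logic works against a live registry or a recorded snapshot.
    """
    hits: Dict[str, List[str]] = {"virtualbox_acpi": [], "wine": []}
    for hive, path in VBOX_ACPI_KEYS:
        if key_exists(hive, path):
            hits["virtualbox_acpi"].append(f"{hive}\\{path}")
    for hive, path in WINE_KEYS:
        if key_exists(hive, path):
            hits["wine"].append(f"{hive}\\{path}")
    return hits


def snapshot_probe(snapshot: Iterable[Tuple[str, str]]) -> Probe:
    """Build a probe from (hive, path) pairs; registry paths are
    case-insensitive on Windows, so compare them case-insensitively."""
    normalized = {(h.upper(), p.upper()) for h, p in snapshot}
    return lambda hive, path: (hive.upper(), path.upper()) in normalized


# Constructed snapshots (not captured from this sample's run): what a
# VirtualBox guest, a Wine prefix, and a bare-metal host typically expose.
CONSTRUCTED_VBOX_GUEST = {
    ("HKLM", r"HARDWARE\ACPI\DSDT\VBOX__"),
    ("HKLM", r"HARDWARE\ACPI\RSDT\VBOX__"),
    ("HKLM", r"SYSTEM\CurrentControlSet\Services\VBoxGuest"),
}
CONSTRUCTED_WINE_HOST = {("HKCU", r"Software\Wine")}
CONSTRUCTED_BARE_METAL = {("HKLM", r"HARDWARE\ACPI\DSDT\DELL__")}

if sys.platform == "win32":
    import winreg

    _HIVES = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}

    def live_probe(hive: str, path: str) -> bool:
        """Probe the real registry; a missing key raises OSError."""
        try:
            winreg.CloseKey(winreg.OpenKey(_HIVES[hive], path, 0, winreg.KEY_READ))
            return True
        except OSError:
            return False


if __name__ == "__main__":
    print(detect_environment(snapshot_probe(CONSTRUCTED_VBOX_GUEST)))
    if sys.platform == "win32":
        print(detect_environment(live_probe))
```

Any non-empty list in the result is what the sandbox signature reports as a hit. When hardening an analysis VM against this class of check, these are the keys to rename or hide; when triaging, a sample that reads them and then changes behaviour is the one worth re-running on bare metal or with the keys masked.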
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-