General
-
Target
f02036dc1354e47bb1ed9f1b81a6626b01928a9f7dc24d24abd801f4ce5d657e
-
Size
996KB
-
Sample
221124-vqsrsacb4v
-
MD5
376830294e3248b64e3cc045379d866f
-
SHA1
da7c94266ae4703e1533b0bf55223c317b1e8dd4
-
SHA256
f02036dc1354e47bb1ed9f1b81a6626b01928a9f7dc24d24abd801f4ce5d657e
-
SHA512
b9b7d2f6cf171140cd0cb9c33f35be13ab2028ea852f52a16c3e361d65ccce5fb42dde74f4f53bfa6f536e9384d6709b80e3fed80c181dc0f7c48c110c90ca87
-
SSDEEP
24576:Ynp5kzfilDo0Vu5CZzTmgF9RS+gzEJeoGJ7ohnWepS3iG:QDaiDo0RzTbFgLoWD3z
Malware Config
Targets
-
-
Target
f02036dc1354e47bb1ed9f1b81a6626b01928a9f7dc24d24abd801f4ce5d657e
-
Size
996KB
-
MD5
376830294e3248b64e3cc045379d866f
-
SHA1
da7c94266ae4703e1533b0bf55223c317b1e8dd4
-
SHA256
f02036dc1354e47bb1ed9f1b81a6626b01928a9f7dc24d24abd801f4ce5d657e
-
SHA512
b9b7d2f6cf171140cd0cb9c33f35be13ab2028ea852f52a16c3e361d65ccce5fb42dde74f4f53bfa6f536e9384d6709b80e3fed80c181dc0f7c48c110c90ca87
-
SSDEEP
24576:Ynp5kzfilDo0Vu5CZzTmgF9RS+gzEJeoGJ7ohnWepS3iG:QDaiDo0RzTbFgLoWD3z
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-