General
-
Target
cfc440d88a6d4f34035e9a9b2cbe63e5628f01f0e893370cd66cdd9c9725e359
-
Size
980KB
-
Sample
221124-xl3sasga2z
-
MD5
409a8d80d84aa23fedb10b49160051d9
-
SHA1
4aa47235e60cfc78040360e9840c2f9a55f0d67a
-
SHA256
cfc440d88a6d4f34035e9a9b2cbe63e5628f01f0e893370cd66cdd9c9725e359
-
SHA512
2ebcba46759db8efff11490d2771057e9119ca6273fbc38f5a53b13916639d01532672620d9d27f2d9e5f221c48c2b45869fb8362a93d849eef7b18404dcab3a
-
SSDEEP
24576:YTLHLXccWMukmi4AQ7CsVbqQr/kV8u69fUg:QLMBRuQus/4V8uib
Static task
static1
Behavioral task
behavioral1
Sample
cfc440d88a6d4f34035e9a9b2cbe63e5628f01f0e893370cd66cdd9c9725e359.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
cfc440d88a6d4f34035e9a9b2cbe63e5628f01f0e893370cd66cdd9c9725e359.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
cfc440d88a6d4f34035e9a9b2cbe63e5628f01f0e893370cd66cdd9c9725e359
-
Size
980KB
-
MD5
409a8d80d84aa23fedb10b49160051d9
-
SHA1
4aa47235e60cfc78040360e9840c2f9a55f0d67a
-
SHA256
cfc440d88a6d4f34035e9a9b2cbe63e5628f01f0e893370cd66cdd9c9725e359
-
SHA512
2ebcba46759db8efff11490d2771057e9119ca6273fbc38f5a53b13916639d01532672620d9d27f2d9e5f221c48c2b45869fb8362a93d849eef7b18404dcab3a
-
SSDEEP
24576:YTLHLXccWMukmi4AQ7CsVbqQr/kV8u69fUg:QLMBRuQus/4V8uib
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-