General
-
Target
1920d2d779f35775563fab909cb58a89e1befee4cc91ba4c6eb636917a805a1a
-
Size
1004KB
-
Sample
221125-e21zjaef6w
-
MD5
ac9f763e91e7a45b541cc5d46947e9db
-
SHA1
ea043d1326925faf827e529ccb304281b9137914
-
SHA256
1920d2d779f35775563fab909cb58a89e1befee4cc91ba4c6eb636917a805a1a
-
SHA512
e3ab77da18869d9a5908aeec2acd49809c3062c5617f09d06d74228ba5d37be8741dcdfbbcbc549c99ad5ac03fb4fceceade7cf32a1733f2af4561d184ea17a4
-
SSDEEP
24576:Yb9mF2c+YdlItkGOinouiRYm1I1y4sIfDTSoUA+stJXVmaip9wV:g46YnEkgoim8s0est11V
Malware Config
Targets
-
-
Target
1920d2d779f35775563fab909cb58a89e1befee4cc91ba4c6eb636917a805a1a
-
Size
1004KB
-
MD5
ac9f763e91e7a45b541cc5d46947e9db
-
SHA1
ea043d1326925faf827e529ccb304281b9137914
-
SHA256
1920d2d779f35775563fab909cb58a89e1befee4cc91ba4c6eb636917a805a1a
-
SHA512
e3ab77da18869d9a5908aeec2acd49809c3062c5617f09d06d74228ba5d37be8741dcdfbbcbc549c99ad5ac03fb4fceceade7cf32a1733f2af4561d184ea17a4
-
SSDEEP
24576:Yb9mF2c+YdlItkGOinouiRYm1I1y4sIfDTSoUA+stJXVmaip9wV:g46YnEkgoim8s0est11V
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-