General
Target: e0a2a6b00cb1e9478498809723e046fbebd3a3ed5cd8d49777c83afb82da78bf
Size: 98KB
Sample: 221125-hp2l3shd76
MD5: f1741ef33fd9026b6fbe1c691ac81f39
SHA1: fa8d7f051d45ee1252f6e056ea02bb160aa09ddf
SHA256: e0a2a6b00cb1e9478498809723e046fbebd3a3ed5cd8d49777c83afb82da78bf
SHA512: ed467385a7474caa61fda6059ac6acc8b72eea23724ccc26a8d98a3fc6f4479ee3e3eecf519b7cbd7b5f81793bd7992f7021853ce09caa78cf4fcfb796b8c423
SSDEEP: 3072:KUS9TqHXJ6vsAFmQUa086nn4Z+AgVtHUgzl:KKHG0Y8rn0gz
Static task: static1
Behavioral task: behavioral1
Sample: e0a2a6b00cb1e9478498809723e046fbebd3a3ed5cd8d49777c83afb82da78bf.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: e0a2a6b00cb1e9478498809723e046fbebd3a3ed5cd8d49777c83afb82da78bf.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: xtremerat
tron.3d-game.com
Score: 10/10
- Detect XtremeRAT payload
- Modifies WinLogon for persistence
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Adds Run key to start application
- Suspicious use of SetThreadContext