General
Target: b65f9a85fa52ea4a6c8e1c703cfc0d16f2101a6bbe82e953142c22471febe0d6
Size: 543KB
Sample: 221125-pm8e6sbe9w
MD5: c3df04ac5a1a56bcba1540b19d7dbcbe
SHA1: 5dbec40f26acb54d7d741af50255398ad4ff2361
SHA256: b65f9a85fa52ea4a6c8e1c703cfc0d16f2101a6bbe82e953142c22471febe0d6
SHA512: 45d6f83dfda93bd307fd25815740a54d06ff8a95ca8ec5fa6fecf17d929c36c33b2dbf4b5783be0d1a37cf4d7778f7bb53c5a7f451fd00e582a6909a084b27e4
SSDEEP: 6144:KqYG79Blo6G/EIva2/m8CpUCWZuhAY0eyYuF8nkisYDcANpLLXWuM4AIY0:Pxjod/EM/mFpZzALIbsYZpu54AIX
Static task: static1
Behavioral task: behavioral1
  Sample: b65f9a85fa52ea4a6c8e1c703cfc0d16f2101a6bbe82e953142c22471febe0d6.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: b65f9a85fa52ea4a6c8e1c703cfc0d16f2101a6bbe82e953142c22471febe0d6.exe
  Resource: win10v2004-20220901-en
Malware Config
Targets
Target: b65f9a85fa52ea4a6c8e1c703cfc0d16f2101a6bbe82e953142c22471febe0d6
Size: 543KB
MD5: c3df04ac5a1a56bcba1540b19d7dbcbe
SHA1: 5dbec40f26acb54d7d741af50255398ad4ff2361
SHA256: b65f9a85fa52ea4a6c8e1c703cfc0d16f2101a6bbe82e953142c22471febe0d6
SHA512: 45d6f83dfda93bd307fd25815740a54d06ff8a95ca8ec5fa6fecf17d929c36c33b2dbf4b5783be0d1a37cf4d7778f7bb53c5a7f451fd00e582a6909a084b27e4
SSDEEP: 6144:KqYG79Blo6G/EIva2/m8CpUCWZuhAY0eyYuF8nkisYDcANpLLXWuM4AIY0:Pxjod/EM/mFpZzALIbsYZpu54AIX
Score: 10/10
- Modifies WinLogon for persistence
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Adds policy Run key to start application
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext