General
-
Target
5c5f517068959cb1ec7a7c995727680646c83c69efe5c8ae9a629edd67fbb9a1
-
Size
515KB
-
Sample
221125-pv1qascb4z
-
MD5
066dd80d4b026fb182eb1fab64971ee1
-
SHA1
f97b97883304ee4fbeeefd4d247c13b8e0a02516
-
SHA256
5c5f517068959cb1ec7a7c995727680646c83c69efe5c8ae9a629edd67fbb9a1
-
SHA512
854e01365b77cf07c3535df7beed4af28f36d510d6deb3514e47eba32e7a01351e6d27ddc9b8baf4558c91180edc718fee10f5df045f81b590c9d89aedf82065
-
SSDEEP
12288:iBDNRR3byG8UrHl+WGmEsdh+DCkbFX93yRotNNpbcqrthv5xq:iBDNRR3byGtFBGZJCkbFXIyNpbcqt
Malware Config
Targets
-
-
Target
5c5f517068959cb1ec7a7c995727680646c83c69efe5c8ae9a629edd67fbb9a1
-
Size
515KB
-
MD5
066dd80d4b026fb182eb1fab64971ee1
-
SHA1
f97b97883304ee4fbeeefd4d247c13b8e0a02516
-
SHA256
5c5f517068959cb1ec7a7c995727680646c83c69efe5c8ae9a629edd67fbb9a1
-
SHA512
854e01365b77cf07c3535df7beed4af28f36d510d6deb3514e47eba32e7a01351e6d27ddc9b8baf4558c91180edc718fee10f5df045f81b590c9d89aedf82065
-
SSDEEP
12288:iBDNRR3byG8UrHl+WGmEsdh+DCkbFX93yRotNNpbcqrthv5xq:iBDNRR3byGtFBGZJCkbFXIyNpbcqt
Score10/10-
Modifies WinLogon for persistence
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-