General
-
Target
89cb356a03d19529af7b3ce8437c1339d7171a2d7239a6f63dc5d0105c3b29e7
-
Size
490KB
-
Sample
221125-rmgnkadd37
-
MD5
1cadb5225ab18c0ef03ae571b1784087
-
SHA1
40a62eba4fa73b7cfeb8bd4b7cfc64fc7042cde1
-
SHA256
89cb356a03d19529af7b3ce8437c1339d7171a2d7239a6f63dc5d0105c3b29e7
-
SHA512
c4d2f0612307628e2e40c5b39b93281fedce92bae26bba0c80a3e5f0039502f9cd75f558f823e3e45f195f1efd4baee88419febcab894a02f02725cd5a96661a
-
SSDEEP
12288:4JjWl4tbn/0/n3vC8EOVg7d6UBsOjX0hmLXBconfaps6IOElix90g:siGtT/0/vC8EOVgB6UKOjkhsxconfcbX
Malware Config
Targets
-
-
Target
89cb356a03d19529af7b3ce8437c1339d7171a2d7239a6f63dc5d0105c3b29e7
-
Size
490KB
-
MD5
1cadb5225ab18c0ef03ae571b1784087
-
SHA1
40a62eba4fa73b7cfeb8bd4b7cfc64fc7042cde1
-
SHA256
89cb356a03d19529af7b3ce8437c1339d7171a2d7239a6f63dc5d0105c3b29e7
-
SHA512
c4d2f0612307628e2e40c5b39b93281fedce92bae26bba0c80a3e5f0039502f9cd75f558f823e3e45f195f1efd4baee88419febcab894a02f02725cd5a96661a
-
SSDEEP
12288:4JjWl4tbn/0/n3vC8EOVg7d6UBsOjX0hmLXBconfaps6IOElix90g:siGtT/0/vC8EOVgB6UKOjkhsxconfcbX
Score10/10-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-