General
Target: d24fb936751180bc70cacf97c43ec75082c94213451d624f4787a30c84ee4e38
Size: 328KB
Sample: 221125-s3lswsca2s
MD5: d5205d99667a7463991311ba1d86fbbc
SHA1: 02449a330e4f0c1d499581a89a6cef3b6a719ee0
SHA256: d24fb936751180bc70cacf97c43ec75082c94213451d624f4787a30c84ee4e38
SHA512: 8082fadbe2fe5a694f85a6f4c5a3a5a15e812bc47853246e2f63bec3a5c4b6a31c01fee077b4047fa09d1aaf4bda86395b361810b73b615b8ac362b44f9ba691
SSDEEP: 6144:MuIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qLku0dCcKNUDkO:n6Wq4aaE6KwyF5L0Y2D1PqLXcu+kO
Behavioral task: behavioral1
Sample: d24fb936751180bc70cacf97c43ec75082c94213451d624f4787a30c84ee4e38.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: d24fb936751180bc70cacf97c43ec75082c94213451d624f4787a30c84ee4e38.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: xtremerat
Extracted value: C:\windrap1215.servemp3.com
Targets
Score: 10/10
Signatures:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext