General
Target: c844b326d9151ac6606ef20410e1bcdcc26d1d0bbaeccfb97002199b19777ee7
Size: 526KB
Sample: 221125-szlcysbg2z
MD5: 5109339d6fbcf467a9d50cd9e092c480
SHA1: 819f1177d29584624eb9b1b9c219f550b068125b
SHA256: c844b326d9151ac6606ef20410e1bcdcc26d1d0bbaeccfb97002199b19777ee7
SHA512: 0ff6c31444662eb8e8322f676f735f5a3a288c9c8b587592d2f9d40ab2cba0c3ac7c4379d84c7a24565ca588f85b5b6302bf5896cc19d3bf4033504486d16129
SSDEEP: 12288:Feo9tmBXojQaRK+nm7tqpVCm257KzQWFUrZAf05pVMSr:0h4jQaR5nmheg57XCULLVM
Static task: static1
Behavioral task: behavioral1
Sample: c844b326d9151ac6606ef20410e1bcdcc26d1d0bbaeccfb97002199b19777ee7.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: c844b326d9151ac6606ef20410e1bcdcc26d1d0bbaeccfb97002199b19777ee7.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: c844b326d9151ac6606ef20410e1bcdcc26d1d0bbaeccfb97002199b19777ee7
Score: 10/10
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext