General
- Target: d53abe32da6fc5f9fff8a4e5950c934a754beaeec5b4eb0c793583a5219a73af
- Size: 405KB
- Sample: 221125-sznhbabg3v
- MD5: acb6797410609685f65ce25978fbbc71
- SHA1: 79d4daf4cc98668cf62cf6e1d5e3628e6edbd8b2
- SHA256: d53abe32da6fc5f9fff8a4e5950c934a754beaeec5b4eb0c793583a5219a73af
- SHA512: d3aa92f9bd9876a00cfd079550e6fa82bd2d3d51fc2aea4ed94bf107da0bf6f1093f3abb6a25702711ce8caf722ba089d520f3111586278fa73ba977a6208d5e
- SSDEEP: 12288:VkqF3zfVnl6VCB+lHOWbtOBEtV1H8UTAti5:VkqF3hoAyx2Vc5
Static task
- static1
Behavioral task
- behavioral1
  - Sample: d53abe32da6fc5f9fff8a4e5950c934a754beaeec5b4eb0c793583a5219a73af.exe
  - Resource: win7-20220901-en
Behavioral task
- behavioral2
  - Sample: d53abe32da6fc5f9fff8a4e5950c934a754beaeec5b4eb0c793583a5219a73af.exe
  - Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: d53abe32da6fc5f9fff8a4e5950c934a754beaeec5b4eb0c793583a5219a73af (size and hashes identical to the General section above)
- Score: 10/10
- Signatures:
  - Modifies WinLogon for persistence
  - XtremeRAT: XtremeRAT, written in Delphi, was developed by xtremecoder and has been available since at least 2010.
  - Adds policy Run key to start application
  - Executes dropped EXE
  - Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of SetThreadContext