General
-
Target
a8fbf6e88569331b344cbde17bb9269d5621e672a74a86e896b9bd30755be827
-
Size
902KB
-
Sample
221125-v69p8scg67
-
MD5
0b0afbc1eb5c9a1748b8f1371887e84c
-
SHA1
4cadb39e4270e7a4cf226975ba5ce0bfbad59192
-
SHA256
a8fbf6e88569331b344cbde17bb9269d5621e672a74a86e896b9bd30755be827
-
SHA512
73c1a78fe4d87d505ed08da838455f371c65ac556bcc392585a2667d288398ba81aa5faae597c1916c7cef6df72a49cc1725b9cbe3f6a141882fadae79cd84d4
-
SSDEEP
24576:Z4lavt0LkLL9IMixoEgea5DJ4Bq9MmCS:okwkn9IMHea5DJsaPCS
Malware Config
Extracted
xtremerat
bt-root.ddns.net
Targets
-
-
Target
a8fbf6e88569331b344cbde17bb9269d5621e672a74a86e896b9bd30755be827
-
Size
902KB
-
MD5
0b0afbc1eb5c9a1748b8f1371887e84c
-
SHA1
4cadb39e4270e7a4cf226975ba5ce0bfbad59192
-
SHA256
a8fbf6e88569331b344cbde17bb9269d5621e672a74a86e896b9bd30755be827
-
SHA512
73c1a78fe4d87d505ed08da838455f371c65ac556bcc392585a2667d288398ba81aa5faae597c1916c7cef6df72a49cc1725b9cbe3f6a141882fadae79cd84d4
-
SSDEEP
24576:Z4lavt0LkLL9IMixoEgea5DJ4Bq9MmCS:okwkn9IMHea5DJsaPCS
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-