General

Target: 54538345681f03dfee0439fe6a48152b0684c049efa1db121c026be37e056af1
Size: 6.6MB
Sample: 221126-3sddwadf64
MD5: 11eb7cbce8b621565f1052f908356515
SHA1: 4beb02b6f2b7048743e061913ce1e14f7ce5465d
SHA256: 54538345681f03dfee0439fe6a48152b0684c049efa1db121c026be37e056af1
SHA512: 535555bb326e88ba0383e597ec94c9b005280de7cc30e09e20a49be4138de2c5b85e1ec9d68e8ebfd4b01374f0d6f9a4d79c580b87791aed84f80b5c9cb61403
SSDEEP: 196608:P+qT6nWyisUqqLUBwtTg17mxLOnx568coRo:P1Y/hkUBOTEALOEoRo
Static task: static1

Behavioral tasks
behavioral1: sample 54538345681f03dfee0439fe6a48152b0684c049efa1db121c026be37e056af1.rar, resource win7-20220812-en
behavioral2: sample 54538345681f03dfee0439fe6a48152b0684c049efa1db121c026be37e056af1.rar, resource win10v2004-20220812-en
behavioral3: sample IDM 6.21 Build 17/Patch/1.internet.download.manager.v6-patch.exe, resource win7-20220901-en
behavioral4: sample IDM 6.21 Build 17/Patch/1.internet.download.manager.v6-patch.exe, resource win10v2004-20220812-en
behavioral5: sample IDM 6.21 Build 17/idman621build17.exe, resource win7-20220812-en
behavioral6: sample IDM 6.21 Build 17/idman621build17.exe, resource win10v2004-20220901-en
Malware Config

Extracted: xtremerat
remotedesktop11.no-ip.info
Targets

Target: 54538345681f03dfee0439fe6a48152b0684c049efa1db121c026be37e056af1
Size: 6.6MB
Score: 3/10

Target: IDM 6.21 Build 17/Patch/1.internet.download.manager.v6-patch.exe
Size: 201KB
MD5: 26c455a7211b88c0dbea04c33f7bd9aa
SHA1: 5f4a63563c33d9569c70cc828b97a852008d2c7f
SHA256: af57d588d5b5ef9ac84b51df745f628e5e4bd998ddd4e4a301074e77fd8c632a
SHA512: ea4a8716f1c6779525be01d2104a24e25c327e5606b3e0aa79dcbac2007c98016d2529f3ef66ced10711a0d96453df26f81f2721aebd2f77d2e580fc16524ebd
SSDEEP: 3072:hqT1m55Hm9fxaGOyWLVjXEECCE8DHe7YcDoX:h41qkqEcHeZY
Score: 7/10
Signatures:
- Loads dropped DLL

Target: IDM 6.21 Build 17/idman621build17.exe
Size: 6.3MB
MD5: 7f66b63ae030d04a43178df57bb78b1a
SHA1: 8605715d8de48241315ec8fcfb91a8380f6776c1
SHA256: b2939aee96b950ca152f10d4791107be9f71f17f4d42e55183d259f8f7b6a6e7
SHA512: 4a0590a23c10dd257692e1f4497912935556d4e152fe09ecd1eb2531fba0ee80a079c589068315623ff660c8e5c99871d68a4d48fecfc7ed579081c5e77def46
SSDEEP: 98304:A1RaZKOTNyQE17hjs+USipFnLSXF9v8CqLoiLwst/IxZsQU3wDkAaXnmkhD:4aZXTLcVs+upF4Lv8CqSstUKQU1lL5
Signatures:
- Detect XtremeRAT payload
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Adds Run key to start application