Extracted

• • Target

    e7bbb19d9ebe7405ebc31a3c31b36d690a58ea3cd767d316a74c9091f6f135c7

  • Size

    374KB

  • MD5

    f93fd157187cb6468e2b2c1fdda4af01

  • SHA1

    0c8e622eddbb2812994c1863840fa2a717321451

  • SHA256

    e7bbb19d9ebe7405ebc31a3c31b36d690a58ea3cd767d316a74c9091f6f135c7

  • SHA512

    218793069110bdb9aad1f4a2b2667a09ea9ca3c395ce2cb1d78314bcd8a58467dab6e0440e4b104e84cbd4a3b53d9887c1e128f69bc408c8f0a4b743fe9d7380

  • SSDEEP

    6144:Tcxz2nC7urgMMrYtxSo5Gvl7HGYISS67sLUsDGf8I2M3ld2w:Tsr7lbrYtxJoEYILosLfGUI2M3j7

  Score

  10^/10

  xtremeratpersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Executes dropped EXE

  • Modifies Installed Components in the registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Deletes itself

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2