General

  • Target

    fc80f4ae5f25cd9a3275248063f923da04e91600e2c3885db70cbc1cdb243d72

  • Size

    159KB

  • Sample

    221127-zn7kdacg2w

  • MD5

    59ee8d36be73745808e7bad09ed379a3

  • SHA1

    d8b81d532b8a10aaf92a5d46b8d4d8679f8fafe9

  • SHA256

    fc80f4ae5f25cd9a3275248063f923da04e91600e2c3885db70cbc1cdb243d72

  • SHA512

    5a172cc49308e3e09e6bd5ecd5958414aa838375dedc65a0bef25b06a76b699528fedf70b48759fd039ef405a77ac44552daf559e26e871b4637730dad3c6ca4

  • SSDEEP

    3072:rx/DtO11yxCnhYvh9Yn1WyGbaZtqbLiQCK2sjzvxTqF54zHzInx:PG1eQn11GbaqL/Fzv9Q6rsnx

Malware Config

Extracted

Family

xtremerat

C2

bykoray.no-ip.org

31.no-ip.org

Targets

    • Target

      fc80f4ae5f25cd9a3275248063f923da04e91600e2c3885db70cbc1cdb243d72

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks