General
-
Target
e6719eeccee467080c1873920610821f0488bdf5674357d4c0183d609d51e09e
-
Size
170KB
-
Sample
221130-y2pq2sbg98
-
MD5
0095463dcec80139f260441f55342f6e
-
SHA1
c26f18944a0764a399d376b636c7748e0f9505ea
-
SHA256
e6719eeccee467080c1873920610821f0488bdf5674357d4c0183d609d51e09e
-
SHA512
0fbd6ad24d77982cffd5ea34ae587197303d869388f62b188872da2c101e6206f52d567076e32f92833aac18eff6ac911df9e512d802a08195e544c5544bbe47
-
SSDEEP
3072:7DYClxW48oQyMmEwr+tDDdvT3osib+yg7RXdNW5uWw+ISzuaG5UE6Cs6igErg4bf:7D9/81yRrrQXdvbfib+V7l2njGprs6sh
Malware Config
Targets
-
-
Target
e6719eeccee467080c1873920610821f0488bdf5674357d4c0183d609d51e09e
-
Size
170KB
-
MD5
0095463dcec80139f260441f55342f6e
-
SHA1
c26f18944a0764a399d376b636c7748e0f9505ea
-
SHA256
e6719eeccee467080c1873920610821f0488bdf5674357d4c0183d609d51e09e
-
SHA512
0fbd6ad24d77982cffd5ea34ae587197303d869388f62b188872da2c101e6206f52d567076e32f92833aac18eff6ac911df9e512d802a08195e544c5544bbe47
-
SSDEEP
3072:7DYClxW48oQyMmEwr+tDDdvT3osib+yg7RXdNW5uWw+ISzuaG5UE6Cs6igErg4bf:7D9/81yRrrQXdvbfib+V7l2njGprs6sh
Score10/10-
Detect XtremeRAT payload
-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-