General
-
Target
b9a6b47359f9e7f120e6aa05c2653e91bd834052a82854fdd3b5dbf97df99776
-
Size
30KB
-
Sample
221203-n2sgtsbh9t
-
MD5
0492a767672d6d830c40135e817b6730
-
SHA1
49bf2a2aa7978e3ef88665a862ed984432157b10
-
SHA256
b9a6b47359f9e7f120e6aa05c2653e91bd834052a82854fdd3b5dbf97df99776
-
SHA512
4ec2183320584ce464d55296aa3ce0786ad393142e875c911ddab50692f10f4f30d2739e82f6005c38b4bb65cf6c6d0cb628e587e2c34475242ee12d8ba34f15
-
SSDEEP
384:ixK81e1TSUARnm9E3/uk0vkA3Ea38I4yXhd9prziSASusimsmonZw87WboXbQ3:iYUecFuDvkAnKyXpprYVm5oF
Malware Config
Targets
-
-
Target
b9a6b47359f9e7f120e6aa05c2653e91bd834052a82854fdd3b5dbf97df99776
-
Size
30KB
-
MD5
0492a767672d6d830c40135e817b6730
-
SHA1
49bf2a2aa7978e3ef88665a862ed984432157b10
-
SHA256
b9a6b47359f9e7f120e6aa05c2653e91bd834052a82854fdd3b5dbf97df99776
-
SHA512
4ec2183320584ce464d55296aa3ce0786ad393142e875c911ddab50692f10f4f30d2739e82f6005c38b4bb65cf6c6d0cb628e587e2c34475242ee12d8ba34f15
-
SSDEEP
384:ixK81e1TSUARnm9E3/uk0vkA3Ea38I4yXhd9prziSASusimsmonZw87WboXbQ3:iYUecFuDvkAnKyXpprYVm5oF
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-