General
Target: 3a7fb45b49e026f5c517c5ea2dd99e40926e0fc9fd26b35053670461a52f3754
Size: 156KB
Sample: 221203-wrr3bada74
MD5: 7b2f715c1c3da8cfed84c2bff35676d9
SHA1: 2b6d2a5b6110e6900b191123f940487040a770aa
SHA256: 3a7fb45b49e026f5c517c5ea2dd99e40926e0fc9fd26b35053670461a52f3754
SHA512: 683f776c7f821ccbd98f7ab117c19e6b174b46fd098f96465b6375013c1d6a0c495c958a38446c05c537835fbc6d2b96f255ddbfaf728175be4b50c480f9f52d
SSDEEP: 3072:DXgnMZMAht0Nht4pr9NJWqrkuBIH4ax+9gnUhPSNNyWcHzYqPL0BbNNQ8:sCMOpLIqNBgPCTHzYjBb3z
Static task: static1
Behavioral task: behavioral1
  Sample: 3a7fb45b49e026f5c517c5ea2dd99e40926e0fc9fd26b35053670461a52f3754.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 3a7fb45b49e026f5c517c5ea2dd99e40926e0fc9fd26b35053670461a52f3754.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: xtremerat
  sucamilla.no-ip.org
Targets
Target: 3a7fb45b49e026f5c517c5ea2dd99e40926e0fc9fd26b35053670461a52f3754
Score: 10/10
Signatures:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext