General
-
Target
dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617
-
Size
125KB
-
Sample
221205-d85qmagd3x
-
MD5
e21a97e24764f966e63ef8aaa40c3187
-
SHA1
9248e675dfcc45beae7eff04db8fb1c55ad4b456
-
SHA256
dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617
-
SHA512
f9b3e6e1629a3e744e68d1693a5118fd6372d7a42485b9addafdb3b5737ecd145049ab8f07edb36c837ca48450e58122a20e3a1d37b63f416f0868081281a786
-
SSDEEP
3072:PGffby9J6xjifDpYYgr3B82Z7UD5gbQjicQRVO7:OHbypryF82Z7kgbQQo
Static task
static1
Behavioral task
behavioral1
Sample
dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617
-
Size
125KB
-
MD5
e21a97e24764f966e63ef8aaa40c3187
-
SHA1
9248e675dfcc45beae7eff04db8fb1c55ad4b456
-
SHA256
dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617
-
SHA512
f9b3e6e1629a3e744e68d1693a5118fd6372d7a42485b9addafdb3b5737ecd145049ab8f07edb36c837ca48450e58122a20e3a1d37b63f416f0868081281a786
-
SSDEEP
3072:PGffby9J6xjifDpYYgr3B82Z7UD5gbQjicQRVO7:OHbypryF82Z7kgbQQo
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-