General
-
Target
59c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
-
Size
19KB
-
Sample
221205-xa928sef72
-
MD5
0722fedbe04ab3eb54a2852a696d4e80
-
SHA1
609389df66fbd95fe8f7fcca3e68bdb00e61b414
-
SHA256
59c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
-
SHA512
5aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
SSDEEP
384:4HKZfuH87GowDqGoMwevqxP6k6zIDwPVBSP+oV/5K7R:lZfuHUvwDKP6kMpi+e/+
Behavioral task
behavioral1
Sample
59c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
59c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-