General

  • Target

    94761823818df0f756c26082e55af289d706ea22b927730a8e18aa72393475ee

  • Size

    430KB

  • Sample

    221206-3ffy8sdh57

  • MD5

    0d825739298426f4fb430778ccf563ec

  • SHA1

    503f325e2f13e6a3a8339f78e90a5368b4f4d81f

  • SHA256

    94761823818df0f756c26082e55af289d706ea22b927730a8e18aa72393475ee

  • SHA512

    1a6c28b7615f6da08afcfd29a5d3db12c758bdb93f008232275d619e821bbca7580fedb017164075860d5c4c3a92fb7dd7d1c35ed2a282ba14ff5b14aa67bf38

  • SSDEEP

    12288:f9BvctM85t35JPNJj2WzoRLQYRYzmYs9T6PS0M:fD0tM85tbNJjldeYiYsRZN

Malware Config

Extracted

Family

xtremerat

C2

sasitina.no-ip.org

Targets

    • Target

      94761823818df0f756c26082e55af289d706ea22b927730a8e18aa72393475ee

    • Size

      430KB

    • MD5

      0d825739298426f4fb430778ccf563ec

    • SHA1

      503f325e2f13e6a3a8339f78e90a5368b4f4d81f

    • SHA256

      94761823818df0f756c26082e55af289d706ea22b927730a8e18aa72393475ee

    • SHA512

      1a6c28b7615f6da08afcfd29a5d3db12c758bdb93f008232275d619e821bbca7580fedb017164075860d5c4c3a92fb7dd7d1c35ed2a282ba14ff5b14aa67bf38

    • SSDEEP

      12288:f9BvctM85t35JPNJj2WzoRLQYRYzmYs9T6PS0M:fD0tM85tbNJjldeYiYsRZN

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v6

Tasks