General
Target: bc52fef0663fd4e3ce1b7e67284bc941d98e4d2e376f92231039398442651a8b
Size: 867KB
Sample: 221206-mgbg5sce5s
MD5: 30f5113831c2542dc3324b5c572512d6
SHA1: 2052e361bd3462a41b5ba59b4f5a968b2bff1510
SHA256: bc52fef0663fd4e3ce1b7e67284bc941d98e4d2e376f92231039398442651a8b
SHA512: 91ca7129e3d999765827d588e3f5417333985ff122d3b541e88a2e7850ec33d89bc414e5b0803e5361f8332e3170646b49931b701c156feb719ee3a5b9938684
SSDEEP: 24576:kIabetnNvsBN7c49W1MNY5+XkAiAD4xd44MIgRhxYeoHvh7:Ab4nNvcNgD1MNY5+XkAiAD4xd44MIgRE
Static task: static1
Behavioral task: behavioral1
  Sample: bc52fef0663fd4e3ce1b7e67284bc941d98e4d2e376f92231039398442651a8b.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: bc52fef0663fd4e3ce1b7e67284bc941d98e4d2e376f92231039398442651a8b.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: xtremerat
  nerozhack.ddns.com.br
  alonedevil.no-ip.org
  gameszero.dyndns.org
Targets
Target: bc52fef0663fd4e3ce1b7e67284bc941d98e4d2e376f92231039398442651a8b
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Drops file in Drivers directory
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext