General
-
Target
97ad592f5bc5bdd7920f322ef9bea8a6eef9198ee46f46a4d114ff54c926097f
-
Size
69KB
-
Sample
221206-mw2b4sah37
-
MD5
54d37a0bf6862350be8ba31a88e7c91c
-
SHA1
eaf1fadc671b4e1afdc87f2dd25fe26e32cd0acb
-
SHA256
97ad592f5bc5bdd7920f322ef9bea8a6eef9198ee46f46a4d114ff54c926097f
-
SHA512
12cb9578cb146d3acc04a55e650ab0be77102a2955de4c23c57d0f118fd6c4bc6c412a940261c3107e18fd04127f12cc7d638a8c84d4cd5f47f435e77b571719
-
SSDEEP
1536:rGxvCUew0tWmedelq8PyZ6vU6X3xDoP2pt8Hm6KfIN:rG1NevOelq8KZ6vLpZYG9m
Malware Config
Extracted
xtremerat
sl-s7.no-ip.org
Targets
-
-
Target
97ad592f5bc5bdd7920f322ef9bea8a6eef9198ee46f46a4d114ff54c926097f
-
Size
69KB
-
MD5
54d37a0bf6862350be8ba31a88e7c91c
-
SHA1
eaf1fadc671b4e1afdc87f2dd25fe26e32cd0acb
-
SHA256
97ad592f5bc5bdd7920f322ef9bea8a6eef9198ee46f46a4d114ff54c926097f
-
SHA512
12cb9578cb146d3acc04a55e650ab0be77102a2955de4c23c57d0f118fd6c4bc6c412a940261c3107e18fd04127f12cc7d638a8c84d4cd5f47f435e77b571719
-
SSDEEP
1536:rGxvCUew0tWmedelq8PyZ6vU6X3xDoP2pt8Hm6KfIN:rG1NevOelq8KZ6vLpZYG9m
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-