General

  • Target

    124e52d861fa0a10b58243586f995db0

  • Size

    1.0MB

  • Sample

    231224-zwz59sfcc5

  • MD5

    124e52d861fa0a10b58243586f995db0

  • SHA1

    bb4c59ff2e20925962ff1cb2fa48e4e9dc5b2f3a

  • SHA256

    4e6adcfdfc8c588c47c43a0fa6eb4a69466e63352a9f4e42b4149052ae091898

  • SHA512

    184b087a10bd4113a2caac18cc58809df155137d76e7594b2a463fba262284b66db4d644e6bfa60bf47d90d7e194591916292025a9b9723dcd42580d068a49a6

  • SSDEEP

    24576:7nNjmKZW7OkxIotUjd5TrFIkwRSQ2mFakQgHGOh1R/QdS+QNCS+9:7NjMOqbtq5T5ORSacm1xQdS29

Malware Config

Extracted

Family

xtremerat

C2

vvnv12.no-ip.biz

Targets

    • Target

      124e52d861fa0a10b58243586f995db0

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Checks BIOS information in registry

      BIOS information is often read from the registry to detect sandbox or virtualized analysis environments.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks