Overview

overview

10

Static

static

3

051f02e13a...3e.exe

windows7-x64

10

051f02e13a...3e.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    051f02e13a3d0db35685a9dc8811383e

  • Size

    396KB

  • Sample

    231229-1y82maaeem

  • MD5

    051f02e13a3d0db35685a9dc8811383e

  • SHA1

    7fe0c125da66fb0e0d839c91332b92dfc88cb5d4

  • SHA256

    a116f6dec0a031a5febe4af929f2c7ebdcd134475a46191681d10186eb797791

  • SHA512

    db637086548e00a143aa5e8862eb9e7e08093eacbb2de51e98a8b69ce460152a5d3f11b46d2f15ef2031f046d2ffb20ee9fc0733fd9073af4327894c7a34ced4

  • SSDEEP

    12288:2l3bgMK/lGRgOUqmq9kR6lhKXONZpAeseL:y3bgMK/cRgOnmq9g6zzAe/

Score
10/10
xtremeratpersistenceratspywareupx

Malware Config

Targets

    • Target

      051f02e13a3d0db35685a9dc8811383e

    • Size

      396KB

    • MD5

      051f02e13a3d0db35685a9dc8811383e

    • SHA1

      7fe0c125da66fb0e0d839c91332b92dfc88cb5d4

    • SHA256

      a116f6dec0a031a5febe4af929f2c7ebdcd134475a46191681d10186eb797791

    • SHA512

      db637086548e00a143aa5e8862eb9e7e08093eacbb2de51e98a8b69ce460152a5d3f11b46d2f15ef2031f046d2ffb20ee9fc0733fd9073af4327894c7a34ced4

    • SSDEEP

      12288:2l3bgMK/lGRgOUqmq9kR6lhKXONZpAeseL:y3bgMK/cRgOnmq9g6zzAe/

    Score
    10/10
    xtremeratpersistenceratspywareupx

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks