Extracted

• • Target

    0af045771295c1224be6faf759d809ab

  • Size

    59KB

  • MD5

    0af045771295c1224be6faf759d809ab

  • SHA1

    ebdfa4dfa4d478d1aa4459bd16b2dff0cd6c95a2

  • SHA256

    8695ae369810cd66b95fdd795d4d7eee383c0ccfb631ad65a43a509f35af13b4

  • SHA512

    fc0c5983f4873160a259af2d01059b49b63d822f4f72f49130137dd7ec2e78d0ff9f47de6c6e8c189ac398931873a627b606f3c4807044c09113abb091a80b52

  • SSDEEP

    1536:4lMiwp/dqqzXS+o4/iam3ansDZ25efQuoAEz:2MiidZzXU4aalnsDZ25ruohz

  Score

  10^/10

  xtremeratpersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Modifies Installed Components in the registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2