General
  Target: 74764c8591ee28fabb712527f26058a1
  Size: 95KB
  Sample: 240125-mkl32sdhc8
  MD5: 74764c8591ee28fabb712527f26058a1
  SHA1: d03b14b88bd44bd61d1ee7f00f7144c257365477
  SHA256: c16457e23f4c2568b161a293e0528d7195c026f1f4c8c4b7836cba12a13c8d5d
  SHA512: 5eccf720004dfa897aa965c3d1afc85b0a0e52ef4dff7f1b044d4ba5f486dc09eb094958e990c33b23f07b16c6097ca015569e9737ef7e3da9b53579f84b9bb5
  SSDEEP: 1536:EoRHGm0QySVr9DCBDrLoh/n2uTx8h+CGu+cEDraqJCVLZ9uV0+GYe:Eotd0QySVrZknei/G7vDWDVLZ980P9
Static task: static1
Behavioral task: behavioral1 (sample 74764c8591ee28fabb712527f26058a1.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample 74764c8591ee28fabb712527f26058a1.exe, resource win10v2004-20231222-en)
Malware Config
  Extracted: xtremerat
  C2 host: bumboxss.dyndns.info
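The digests and the extracted C2 host above are the indicators a responder would sweep for first. The following is an added example, not part of the sandbox report or of any vendor tool: it matches a file's digests against the report (case-insensitively), and flags resolver-log lookups of the C2 host while tolerating the trailing dot, mixed case and subdomains that appear in real DNS logs. The log line format (`<time> <client> query <name>`) and the log lines themselves are constructed for the example.

```python
"""IOC checks built from the hashes and the extracted XtremeRAT C2 host in
the report above.  Added example, not the sandbox report's own tooling;
the resolver log it scans is constructed."""
import hashlib
import re

# Digests copied from the report.
REPORT_HASHES = {
    "md5": "74764c8591ee28fabb712527f26058a1",
    "sha1": "d03b14b88bd44bd61d1ee7f00f7144c257365477",
    "sha256": "c16457e23f4c2568b161a293e0528d7195c026f1f4c8c4b7836cba12a13c8d5d",
}
# C2 host from the extracted xtremerat config.
C2_HOSTS = {"bumboxss.dyndns.info"}


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_digests(hashes: dict) -> set:
    """Names of the algorithms whose digest equals the report's value."""
    return {alg for alg, val in hashes.items()
            if REPORT_HASHES.get(alg, "").lower() == val.lower()}


def normalize_host(name: str) -> str:
    """Lower-case and drop the trailing dot a resolver log may carry."""
    return name.strip().lower().rstrip(".")


def is_c2_host(name: str) -> bool:
    """Exact match or subdomain of an extracted C2 host."""
    host = normalize_host(name)
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)


# Constructed resolver log format: "<time> <client> query <name>".
_LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)$")


def c2_lookups(log_text: str) -> list:
    """(time, client, name) for every lookup that hits a C2 host."""
    hits = []
    for line in log_text.splitlines():
        m = _LOG_LINE.match(line)
        if m and is_c2_host(m.group(3)):
            hits.append(m.groups())
    return hits


# Constructed sample log; only the bumboxss lookups should be flagged.
SAMPLE_LOG = """\
2024-01-25T10:14:02Z 10.0.0.12 query update.microsoft.com
2024-01-25T10:14:09Z 10.0.0.12 query bumboxss.dyndns.info.
2024-01-25T10:14:09Z 10.0.0.31 query members.dyndns.org
2024-01-25T10:15:40Z 10.0.0.12 query BUMBOXSS.DYNDNS.INFO
2024-01-25T10:16:03Z 10.0.0.31 query cdn.bumboxss.dyndns.info
"""

if __name__ == "__main__":
    print(matching_digests(hash_bytes(b"not the sample")))   # set()
    for when, client, name in c2_lookups(SAMPLE_LOG):
        print(f"{when} {client} -> {name}")
```

The subdomain match is deliberate: a dynamic-DNS C2 is often addressed through labels under the registered name, but the parent `dyndns.org`/`dyndns.info` zones must not be flagged, which is why `members.dyndns.org` passes.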
Targets
  Target: 74764c8591ee28fabb712527f26058a1 (95KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Modifies Installed Components in the registry
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
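Three of the signatures above describe host behaviour a responder can check for directly: persistence written to a Run key, persistence written to an Active Setup "Installed Components" key, and a SetThreadContext call on another process, which is the step that completes process hollowing (a process created suspended, its memory overwritten, its thread context redirected, then resumed). The following is an added example, not part of the sandbox report or of any vendor tool. It parses a `reg export` (.reg) file for values under those keys and flags commands that live in user-writable directories, and it walks a simplified API trace for the hollowing sequence. The .reg excerpt, the Active Setup GUID, the trace's API names (`CreateProcess` standing in for the `CreateProcessW`/`CreateProcessInternalW` variants a sandbox logs) and the trace itself are constructed.

```python
"""Checks for two behaviours the report flags: autostart entries under Run
and Active Setup "Installed Components" keys, and the SetThreadContext call
that completes a process-hollowing sequence.  Added example, not part of the
sandbox report; the .reg excerpt, the GUID and the API trace are constructed."""
import re

# .reg export lines: "[KEY]" headers followed by "name"="value" pairs.
_KEY_LINE = re.compile(r"^\[(.+)\]\s*$")
_VALUE_LINE = re.compile(r'^"([^"]+)"="(.*)"\s*$')
# The keys the report's two persistence signatures refer to.
_PERSIST_KEY = re.compile(
    r"\\CurrentVersion\\Run(Once)?$|\\Active Setup\\Installed Components\\[^\\]+$",
    re.IGNORECASE)
# Directories a legitimate autostart rarely points into; a triage heuristic only.
_USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\[^\\]+\\Downloads)\\", re.IGNORECASE)


def persistence_entries(reg_text: str) -> list:
    """(key, value_name, command) for every value under a Run or Installed Components key."""
    entries, current = [], None
    for line in reg_text.splitlines():
        m = _KEY_LINE.match(line)
        if m:
            current = m.group(1) if _PERSIST_KEY.search(m.group(1)) else None
            continue
        m = _VALUE_LINE.match(line)
        if current and m:
            # .reg files write a backslash as "\\"; undo that escaping.
            entries.append((current, m.group(1), m.group(2).replace("\\\\", "\\")))
    return entries


def suspicious_persistence(reg_text: str) -> list:
    """Entries whose command lives in a user-writable directory."""
    return [e for e in persistence_entries(reg_text) if _USER_WRITABLE.search(e[2])]


CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit for CreateProcess
HOLLOW_STEPS = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def hollowing_targets(trace: list) -> list:
    """PIDs created suspended, written to, given a new thread context, then resumed."""
    expected, hits = {}, []           # target pid -> index of the next step awaited
    for call in trace:
        api, pid = call["api"], call["target_pid"]
        if api == "CreateProcess" and call.get("flags", 0) & CREATE_SUSPENDED:
            expected[pid] = 1
        elif pid in expected and api == HOLLOW_STEPS[expected[pid]]:
            expected[pid] += 1
            if expected[pid] == len(HOLLOW_STEPS):
                hits.append(pid)
                del expected[pid]
    return hits


# Constructed .reg excerpt standing in for a host export.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\InstallDir\\Server.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\Users\\alice\\AppData\\Roaming\\InstallDir\\Server.exe restart"
'''

# Constructed API trace: one hollowed child (1234), one ordinary child (2222),
# and a stray SetThreadContext on a process the sample did not create suspended.
SAMPLE_TRACE = [
    {"api": "CreateProcess", "target_pid": 1234, "flags": CREATE_SUSPENDED},
    {"api": "WriteProcessMemory", "target_pid": 1234},
    {"api": "WriteProcessMemory", "target_pid": 1234},
    {"api": "SetThreadContext", "target_pid": 1234},
    {"api": "ResumeThread", "target_pid": 1234},
    {"api": "CreateProcess", "target_pid": 2222, "flags": 0},
    {"api": "ResumeThread", "target_pid": 2222},
    {"api": "SetThreadContext", "target_pid": 3333},
]

if __name__ == "__main__":
    for key, name, cmd in suspicious_persistence(SAMPLE_REG):
        print(f"{name}: {cmd}  ({key})")
    print("hollowed:", hollowing_targets(SAMPLE_TRACE))
```

The path heuristic flags the constructed OneDrive entry as well as the two `Server.exe` entries: software that legitimately installs per-user under `AppData` will always trip it, so in practice the flagged commands are then hashed and checked against the digests in the report rather than treated as a verdict on their own. The hollowing walk requires the suspended create to precede the later steps and ignores out-of-order calls, so a lone SetThreadContext (as a debugger or a crash handler might issue) is not reported.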