General
-
Target
7600e7063e8923531d864f12da7a849a
-
Size
492KB
-
Sample
240126-bndqascceq
-
MD5
7600e7063e8923531d864f12da7a849a
-
SHA1
d6cc3a257910d9d3798c157616e55e80fffe477b
-
SHA256
fede3acc541cea42cc036291163ef665c2a3afb0ed7aeb456490d43c6d77bb3c
-
SHA512
70a92ba228af0c943a3dd6f0a05a7dfea426534853405f762245a6cb60437379118e27df45cfb90806fc991a4a272d90fd873c5489de5145f41c33341101c81c
-
SSDEEP
6144:JnAwmCJTOh5ftjXL4bUKEPzIV0QO/7zDzNEKrXU1cVd8fOObkrL+eBpxwsqVuSrj:JD+PjXL46U6hLzN96jb4gt
Static task
static1
Behavioral task
behavioral1
Sample
7600e7063e8923531d864f12da7a849a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7600e7063e8923531d864f12da7a849a.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
xtremerat
2hask.no-ip.biz
Targets
-
-
Target
7600e7063e8923531d864f12da7a849a
-
Size
492KB
-
MD5
7600e7063e8923531d864f12da7a849a
-
SHA1
d6cc3a257910d9d3798c157616e55e80fffe477b
-
SHA256
fede3acc541cea42cc036291163ef665c2a3afb0ed7aeb456490d43c6d77bb3c
-
SHA512
70a92ba228af0c943a3dd6f0a05a7dfea426534853405f762245a6cb60437379118e27df45cfb90806fc991a4a272d90fd873c5489de5145f41c33341101c81c
-
SSDEEP
6144:JnAwmCJTOh5ftjXL4bUKEPzIV0QO/7zDzNEKrXU1cVd8fOObkrL+eBpxwsqVuSrj:JD+PjXL46U6hLzN96jb4gt
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-