General
-
Target
77f48e175dcf48e233eaac59da4b5e50
-
Size
181KB
-
Sample
240126-v29jnsccap
-
MD5
77f48e175dcf48e233eaac59da4b5e50
-
SHA1
5ce37b56b1ba10bce3bfcccecf800e1db1e39a6e
-
SHA256
e94fabac6267013d3c8e1906a6b8373b2f95f2fea05f185c15aa9c3e9c6825f9
-
SHA512
d705eab37f5c7c498098a034832819550bb3e43fbea42525156093e060a1267703759101a514f509079f8afc062c6835f11a4cb9bead233b73fb7278a0de1e52
-
SSDEEP
3072:E/XXvVr4sC65hD7cq2qvJEDvrUzp3DoHVx3OdP7dYzp3DoHVx3OdP7dq2w:MXvFv5lc2Go0x+w0x+G2w
Static task
static1
Behavioral task
behavioral1
Sample
77f48e175dcf48e233eaac59da4b5e50.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
77f48e175dcf48e233eaac59da4b5e50.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
xtremerat
tatooo.no-ip.biz
Targets
-
-
Target
77f48e175dcf48e233eaac59da4b5e50
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-