General
-
Target
78c7e850d5a57a85591d9f8f53458a2d
-
Size
44KB
-
Sample
240127-ank9pshcc4
-
MD5
78c7e850d5a57a85591d9f8f53458a2d
-
SHA1
326965a7a7a33c7248a0d176ac17f859078a12a3
-
SHA256
3e44cfd51ec7b6c5139bfe44cb8e8dc79b4048d1726644853b8df6c8c92a18c8
-
SHA512
de00dc33454986ff5c0624ecc0f58b16672c61270fdee5467795750ed1069cecacc18cc9056e07a27f0b004174b52a13fdd7d32ad092784703d27c0aa61abc96
-
SSDEEP
768:rBr+tjFqTPkAlfztB1lr6an3smTA8uvm2DfOTwYPI1k4a:FyRUHlrL1lr6an3TLuvm2buQG4a
Behavioral task
behavioral1
Sample
78c7e850d5a57a85591d9f8f53458a2d.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
78c7e850d5a57a85591d9f8f53458a2d.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
xtremerat
supporthp.myftp.org
C:\Windsupporthp.myftp.org
C:\Windsupportsniper.myftp.org
C:\Ussupportsniper.myftp.org
Targets
-
-
Target
78c7e850d5a57a85591d9f8f53458a2d
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-