General
Target: 807efbeb9557c60be9bc42a7a8bd48af
Size: 576KB
Sample: 240129-wkg9jafeh2
MD5: 807efbeb9557c60be9bc42a7a8bd48af
SHA1: c18374e845e20341ec49ad0e273ababd1ccbbab6
SHA256: 0927d666db23600bea4178d15bfb5ae2b4988b3554114dfe9cfde85ea49a309f
SHA512: e440156cbf1d28a33dacfcb3dd37687fff135b307631c4c3e5fbc3ec1366e3b4c02fceec37d4d5dbea07eb13e2eff072400ff9d0c7f32df318dd1e23c9068f24
SSDEEP: 6144:DqFEZwKusZwWyYktKPlglcbBagfdAdQB7Op9Q5T7S0Wjv:mG3yPSb7+dQBn8F
Behavioral task: behavioral1
Sample: 807efbeb9557c60be9bc42a7a8bd48af.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 807efbeb9557c60be9bc42a7a8bd48af.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
xtremerat
mrahmed.hopto.org
Targets
Target: 807efbeb9557c60be9bc42a7a8bd48af
Score: 10/10
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Modifies Installed Components in the registry
Adds Run key to start application