General
Target: 80ca7ba01d7d6b349d3525e4e97387a6
Size: 256KB
Sample: 240129-y82n7aaae7
MD5: 80ca7ba01d7d6b349d3525e4e97387a6
SHA1: 38b255b0b2f7a0f11fc373656ce75c1f663d9295
SHA256: 7870b07d5c8c8848860579a6e48c054aace2371e953013522356b2d425578d77
SHA512: b486206efc3062e641b0fff066a76faa748a17e92b448a4c42124fba6fdb33cab6e9348bffb1ca56e6e8ab562f5f59c7469bd41030615ea11596382fd83947b6
SSDEEP: 3072:9fiQUSKagWQdylnXdvPdv6loGvWz0GXlG1gqtYpwRQ5VuemEDlc:9dvPdvd0wlM/tYpwRQ5V3mED
Static task: static1
Behavioral task: behavioral1
Sample: 80ca7ba01d7d6b349d3525e4e97387a6.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 80ca7ba01d7d6b349d3525e4e97387a6.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted: xtremerat
princedz.no-ip.org
Targets
Target: 80ca7ba01d7d6b349d3525e4e97387a6
Size: 256KB
MD5: 80ca7ba01d7d6b349d3525e4e97387a6
SHA1: 38b255b0b2f7a0f11fc373656ce75c1f663d9295
SHA256: 7870b07d5c8c8848860579a6e48c054aace2371e953013522356b2d425578d77
SHA512: b486206efc3062e641b0fff066a76faa748a17e92b448a4c42124fba6fdb33cab6e9348bffb1ca56e6e8ab562f5f59c7469bd41030615ea11596382fd83947b6
SSDEEP: 3072:9fiQUSKagWQdylnXdvPdv6loGvWz0GXlG1gqtYpwRQ5VuemEDlc:9dvPdvd0wlM/tYpwRQ5V3mED
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Suspicious use of SetThreadContext