General
Target: 829d688d6319514327336a54b5954cff
Size: 346KB
Sample: 240130-ymn6zadben
MD5: 829d688d6319514327336a54b5954cff
SHA1: c771a0b8d570a57b17b8ecba0ec77e584385b10d
SHA256: 607dc11710cdbf52e8fea6df43b926634394fbd11a0136137f70c97b6fc1ab0d
SHA512: e051a1e2551652052b457c247026ae12f09f4be5e28559203ca8bdffed426d56061858d03244824859815e8f3586cbea26f12068e39b550de982c8a16000fb44
SSDEEP: 6144:uLpeqc0Ixo540Eq2QwZ1ZbCHf9pu1W44MCQlL4vOJT4M:KAzbCVpw4SkvtM
Static task: static1
Behavioral task: behavioral1
  Sample: 829d688d6319514327336a54b5954cff.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 829d688d6319514327336a54b5954cff.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted family: xtremerat
C2: merlim2.no-ip.org
C2: merlim2.no-ip.org
Targets
Target: 829d688d6319514327336a54b5954cff (346KB; hashes as listed under General)
Score: 10/10
Signatures:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext