General
Target: 840d4c2cd9b991ea7898459003848c84
Size: 134KB
Sample: 240131-ldrjhsaghp
MD5: 840d4c2cd9b991ea7898459003848c84
SHA1: 46fa02b7a696b66a0d903f1d4643c8c05bd2dc73
SHA256: 910e82aa76f384acecc91792b27684ae5b58e597302577b9c3ba3accb376c73f
SHA512: 42faaf52d6e54d98c772d9abb1d5c0dae04618357586a300fc7e7123dd8898ac85227e6692fff2bce97bed5381772948e0ad674e00e210c2bf936a96a37aaa4e
SSDEEP: 3072:50gWxxNVc+F4Uu804+wk0kVrrJtdlTNsnBB:50ZBFHu87+30kNdfsBB
Static task: static1
Behavioral task: behavioral1
  Sample: 840d4c2cd9b991ea7898459003848c84.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 840d4c2cd9b991ea7898459003848c84.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: xtremerat
C2: sanfou25.no-ip.biz
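The report above yields two kinds of indicator: file hashes for the dropper and the XtremeRAT C2 hostname. The following is an added example (not Triage output and not part of the report) that turns them into a small matcher: it hashes a file with all four algorithms in one pass and compares against the report, and it flags DNS lookups for the C2 host or any of its subdomains without matching the shared no-ip.biz parent zone, which other dynamic-DNS customers also use. The function names, the DNS log format and the log lines themselves are constructed for this example.

```python
"""IoC matcher for the XtremeRAT sample in the report (added example)."""
import hashlib
import io

# Hashes and C2 host copied from the report above.
REPORT_IOCS = {
    "md5": "840d4c2cd9b991ea7898459003848c84",
    "sha1": "46fa02b7a696b66a0d903f1d4643c8c05bd2dc73",
    "sha256": "910e82aa76f384acecc91792b27684ae5b58e597302577b9c3ba3accb376c73f",
    "sha512": "42faaf52d6e54d98c772d9abb1d5c0dae04618357586a300fc7e7123dd8898ac"
              "85227e6692fff2bce97bed5381772948e0ad674e00e210c2bf936a96a37aaa4e",
}
C2_HOST = "sanfou25.no-ip.biz"


def hash_stream(fh, chunk_size=1 << 20):
    """Compute all four report hashes in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def match_report(digests):
    """Return the sorted names of the report hashes that match (empty if none).

    SHA256 alone would be enough, but feeds often carry only one algorithm,
    so any matching digest is reported.
    """
    return sorted(name for name, value in REPORT_IOCS.items()
                  if digests.get(name) == value)


def is_c2_query(qname, c2_host=C2_HOST):
    """True if qname is the C2 host or one of its subdomains.

    The parent zone (no-ip.biz) is a shared dynamic-DNS provider and must NOT
    match on its own; endswith() on "." + host prevents prefix collisions
    such as evilsanfou25.no-ip.biz. Trailing dots and case are normalised.
    """
    q = qname.rstrip(".").lower()
    c2 = c2_host.rstrip(".").lower()
    return q == c2 or q.endswith("." + c2)


def find_c2_queries(log_lines):
    """Scan constructed '<timestamp> <client> <qname>' DNS log lines for the C2."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines rather than crash the scan
        if is_c2_query(parts[2]):
            hits.append((parts[1], parts[2]))
    return hits


# Constructed sample DNS log lines (not from the report; the format is assumed).
SAMPLE_DNS_LOG = [
    "2024-01-31T10:00:01Z 10.0.0.5 update.microsoft.com",
    "2024-01-31T10:00:07Z 10.0.0.23 sanfou25.no-ip.biz",
    "2024-01-31T10:00:09Z 10.0.0.23 SANFOU25.NO-IP.BIZ.",
    "2024-01-31T10:00:12Z 10.0.0.8 someoneelse.no-ip.biz",
]

if __name__ == "__main__":
    for client, qname in find_c2_queries(SAMPLE_DNS_LOG):
        print(f"C2 lookup from {client}: {qname}")
    # A file that is not the sample produces no hash match.
    print("hash matches:", match_report(hash_bytes(b"not the sample")))
```

Run it against a suspect file with `match_report(hash_file(path))`; a non-empty list means the file is the reported dropper. Only host-level matching is performed, so a sample that later moves to a different no-ip.biz hostname will not be caught by this rule.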
Targets
Target: 840d4c2cd9b991ea7898459003848c84
Score: 10/10
Detections:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext (redirecting another thread's execution, as seen in process hollowing and other code-injection techniques)