General
- Target: 848d70a1a511b508aa9c8f17f11fe5b8
- Size: 310KB
- Sample: 240131-qvxt3sdbh5
- MD5: 848d70a1a511b508aa9c8f17f11fe5b8
- SHA1: a404f351f36f252c9d317379a0ddef80246011ab
- SHA256: 9e062a277338fa22a89096a2b3a3e83aff243a2ce2b61ce030a00eba80e5f321
- SHA512: bfde8841732e21060a61907d0430ee738896a3602f9b1b81e198642f7bf2b488cff0a89f688cefb980f96669917801fb73efeece361442f568ea59267c04d667
- SSDEEP: 6144:jyGr6QR1CLXxM6s3Ty/gfntbmFwAZlP6qlfpz:mq6QR1Ww3Ty+cZlPP
Static task
- static1

Behavioral task
- behavioral1
  Sample: 848d70a1a511b508aa9c8f17f11fe5b8.exe
  Resource: win7-20231215-en

Behavioral task
- behavioral2
  Sample: 848d70a1a511b508aa9c8f17f11fe5b8.exe
  Resource: win10v2004-20231222-en
Malware Config

Targets
- Target: 848d70a1a511b508aa9c8f17f11fe5b8
- Size: 310KB
Score: 10/10

- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext