General
Target: 84e5cf1efe8fe07b8f5e19219dc0484f
Size: 227KB
Sample: 240131-tz6vbsgeg6
MD5: 84e5cf1efe8fe07b8f5e19219dc0484f
SHA1: 8c79593e9b0be8c6c74bb24f57d3bf7e6f110a5d
SHA256: f2171eb813e4df5d0b69787db7522b419210156f79ab844593c23db9e0e26569
SHA512: 81bc74c162aeed344b516e26abd20d75cedd78868bc9b450fd14edcb54868e566429296d85957dad4986b3fe178961b9e4cbf1f46ac9a3a63890f13fbed10d6c
SSDEEP: 3072:pGh07HKaA9MeB8gc5l/XTxG1tdkLOeq3Yw3cECf4B3Pu60rReZcymfgpSixpr9DQ:+aA9xq5pXdGPyLODsEDRPRYeWy/SiVc
Static task: static1
Behavioral task: behavioral1
  Sample: 84e5cf1efe8fe07b8f5e19219dc0484f.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 84e5cf1efe8fe07b8f5e19219dc0484f.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
Family: xtremerat
C2: alfirdaws.no-ip.biz
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext