General
-
Target
8d9d1e8bc4dc527d44bedcd8ac7c16a6
-
Size
796KB
-
Sample
240203-28xxsaeeam
-
MD5
8d9d1e8bc4dc527d44bedcd8ac7c16a6
-
SHA1
0a2fd33daab48eb130c1363178c2ad5e2b6d0a1d
-
SHA256
eea3b797f4d9001954be563a1998ee34bb29781acf47abe76a6810c9203b1890
-
SHA512
1a95b022dccf88b00eea058d053e9d3294bc560bf5c5bf8d91fa8887e9779bdf9caa2f4b0609eb168514ab563803b83b6bea2d453daddedca8715d34570378e5
-
SSDEEP
3072:LjGV0FxQor6uW6jQq2b8sZpP7j8JfeT3Ep+7mh5RfrWjT+qbeCuqK:LiVCxQorM6jv2YsZpP8JfedChjr6Nu
Static task
static1
Behavioral task
behavioral1
Sample
8d9d1e8bc4dc527d44bedcd8ac7c16a6.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8d9d1e8bc4dc527d44bedcd8ac7c16a6.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
xtremerat
123boof.no-ip.org
Targets
-
-
Target
8d9d1e8bc4dc527d44bedcd8ac7c16a6
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-