Analysis
Max time kernel: 149s
Max time network: 151s
Platform: windows10-2004_x64
Resource: win10v2004-20231222-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 03-02-2024 08:08
Behavioral task: behavioral1
Sample: 8bd4640d8fb6f9fae84cb0e000ead681.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 8bd4640d8fb6f9fae84cb0e000ead681.exe
Resource: win10v2004-20231222-en
General
Target: 8bd4640d8fb6f9fae84cb0e000ead681.exe
Size: 65KB
MD5: 8bd4640d8fb6f9fae84cb0e000ead681
SHA1: 81c189adbece5ca5a7805d0f053fe395d0646659
SHA256: 25c73df8c66bd861dfa9022b40b287e325d4ba3ff3c130e5f115e2376b29a83c
SHA512: 29a79d98c6fcb75e97f06b0cb94c48ecdb3596f83d196eabdd8f583d69565921ceb907ce5e80439a93db0f01f5d0e246396b4711dca5ab1fe3da7e10e524a8b8
SSDEEP: 768:E9m1Sq4NQNLBGH1vcz0wDeeQuMVTyN8ihHo37Vmd6AeXVtWAW7A+7yoNwqXSAHUp:lsq+QI6ZQuIyJh0mgA+FW0gNwEi
Malware Config

Signatures

Detect XtremeRAT payload (6 IoCs)
Processes:
resource                                                                        yara_rule
behavioral2/memory/2772-0-0x0000000010000000-0x0000000010048000-memory.dmp      family_xtremerat
behavioral2/memory/2772-1-0x0000000010000000-0x0000000010048000-memory.dmp      family_xtremerat
behavioral2/memory/2772-2-0x0000000010000000-0x0000000010048000-memory.dmp      family_xtremerat
behavioral2/memory/2772-3-0x0000000010000000-0x0000000010048000-memory.dmp      family_xtremerat
behavioral2/memory/2772-4-0x0000000010000000-0x0000000010048000-memory.dmp      family_xtremerat
behavioral2/memory/2772-8-0x0000000010000000-0x0000000010048000-memory.dmp      family_xtremerat

XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).