Overview

overview

10

Static

static

3

8be4839863...18.exe

windows7-x64

10

8be4839863...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8be4839863a93ea3cef6bf60b6311218

  • Size

    170KB

  • Sample

    240203-klfxbaffgm

  • MD5

    8be4839863a93ea3cef6bf60b6311218

  • SHA1

    2c9e5f29c3da1b501262aff7751b204a30b5e32c

  • SHA256

    6db8ad2794d2c65a3c6b6a21a6eeef5aec6b1ea245b97dfd73e308bb25648315

  • SHA512

    7cac84ed99d5498418c04358d57e025bf21eca77418f845c239c429446faa75b6a0a0002f1c374410d3427944d8e4f8444263bb065dccd17f2a438ec4ba93cab

  • SSDEEP

    3072:zKEKmrDUskUVIKkAX/0L0rZmm1sJmvxHfi/R1+aJe1mgawzxsBub861jIHxownLj:zKE5IIL7JnYRUTV5nLrQLulIGsZ

Score
10/10
xtremeratpersistenceratspywareupx

Malware Config

Targets

    • Target

      8be4839863a93ea3cef6bf60b6311218

    • Size

      170KB

    • MD5

      8be4839863a93ea3cef6bf60b6311218

    • SHA1

      2c9e5f29c3da1b501262aff7751b204a30b5e32c

    • SHA256

      6db8ad2794d2c65a3c6b6a21a6eeef5aec6b1ea245b97dfd73e308bb25648315

    • SHA512

      7cac84ed99d5498418c04358d57e025bf21eca77418f845c239c429446faa75b6a0a0002f1c374410d3427944d8e4f8444263bb065dccd17f2a438ec4ba93cab

    • SSDEEP

      3072:zKEKmrDUskUVIKkAX/0L0rZmm1sJmvxHfi/R1+aJe1mgawzxsBub861jIHxownLj:zKE5IIL7JnYRUTV5nLrQLulIGsZ

    Score
    10/10
    xtremeratpersistenceratspywareupx

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks