General
-
Target
8cda651a2958930a5c233d841940c2d9
-
Size
187KB
-
Sample
240203-vfd6msdhh8
-
MD5
8cda651a2958930a5c233d841940c2d9
-
SHA1
af7949a15390e8e1f3251e8bf9344d3b4c0538fc
-
SHA256
4b2f8f49063ee9b973867f0d1e72923dd72df98c2c0b607ce619bf71a9810eb6
-
SHA512
9ce7913ecbbb9425740b7dd7e3dc883f8cdfac1cafdae765ec3f1bec84ddbb426523ea8e058ee7d897924cddb70c8f8b55f617eb276ff3432ad82f1b7302a317
-
SSDEEP
3072:Vd6RjrfJVUmYrfpR7yx4KS7PkSjRJ9f5c7G22OxGaXeGFdQT8VC1eZuVO8G93Px:7A3rUmSpdgUscF5c7G22OxGaXeGFdQTK
Static task
static1
Behavioral task
behavioral1
Sample
8cda651a2958930a5c233d841940c2d9.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
8cda651a2958930a5c233d841940c2d9.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
xtremerat
stylor.no-ip.org
Targets
-
-
Target
8cda651a2958930a5c233d841940c2d9
-
Size
187KB
-
MD5
8cda651a2958930a5c233d841940c2d9
-
SHA1
af7949a15390e8e1f3251e8bf9344d3b4c0538fc
-
SHA256
4b2f8f49063ee9b973867f0d1e72923dd72df98c2c0b607ce619bf71a9810eb6
-
SHA512
9ce7913ecbbb9425740b7dd7e3dc883f8cdfac1cafdae765ec3f1bec84ddbb426523ea8e058ee7d897924cddb70c8f8b55f617eb276ff3432ad82f1b7302a317
-
SSDEEP
3072:Vd6RjrfJVUmYrfpR7yx4KS7PkSjRJ9f5c7G22OxGaXeGFdQT8VC1eZuVO8G93Px:7A3rUmSpdgUscF5c7G22OxGaXeGFdQTK
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-