General
- Target: 907b85ab796fd103ca610f91714e4bad
- Size: 701KB
- Sample: 240204-3t3p6afgfj
- MD5: 907b85ab796fd103ca610f91714e4bad
- SHA1: 3c8e9171f6a14008e141737ddb7120df85c96a6b
- SHA256: 3acdef6b773fcae4790f0f31470f95f15be01b0ee7553c706ca12bb75fc337c1
- SHA512: ea40248dbc67516cdc8dbb0670879650a8a3afc123525abce1b2aa900687f937110e195ebec7021b8cf7915f153914427f0596cc13921c4183334d34e6875283
- SSDEEP: 12288:chkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aaGFMzw:URmJkcoQricOIQxiZY1iaaGFME
Static task: static1
Behavioral task: behavioral1
- Sample: 907b85ab796fd103ca610f91714e4bad.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 907b85ab796fd103ca610f91714e4bad.exe
- Resource: win10v2004-20231215-en
Malware Config
Targets
- Target: 907b85ab796fd103ca610f91714e4bad
- Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext