General
Target: 8ffb95d5e237a22a2773b17e34a4c6b0
Size: 668KB
Sample: 240204-yc91pabchl
MD5: 8ffb95d5e237a22a2773b17e34a4c6b0
SHA1: 7e74c23a6d66fc6ad4d6a5397642476af48735ad
SHA256: 31eb4492dbdb099fae987f89fdb66fcd2a79367d6112a7f4a3ae47fdfa9e62d5
SHA512: e8a3c594e6d0009ad6cfe1f7d3341dcadac3fb536c001e0490c6b5f702abf904a30efc3964f797894c1aabbe03eb310d79ebf3e436b2a80c51dcc29de7f2aca8
SSDEEP: 12288:+OqBS5JJ/+EkGz1lr3nxGteN4r3t8UOGz624SitfLmygYuV:/CSYE7z193Rit8UJ62BmhgjV
Static task: static1
Behavioral task: behavioral1
  Sample: 8ffb95d5e237a22a2773b17e34a4c6b0.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 8ffb95d5e237a22a2773b17e34a4c6b0.exe
  Resource: win10v2004-20231222-en
Malware Config
Extracted: xtremerat
sweetma198.no-ip.info
Targets
Target: 8ffb95d5e237a22a2773b17e34a4c6b0
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext