General
-
Target
9001af564039f77fda1d890153a599e2
-
Size
80KB
-
Sample
240204-ykdbpabefn
-
MD5
9001af564039f77fda1d890153a599e2
-
SHA1
78d43a65f42a265c588fe7f0c65a5a73c6a05464
-
SHA256
ff2d3ac7d2f768dc94554df7a40a1d2f8ee8e1d0843a14de573c275d3ab40de6
-
SHA512
98bde20452ded3afea98a5109e52838acc391d856f124fa02116910202ae6cc1e0048946b209847effc4bd9ba9ff1e8e63abdfeccdd1b09fad2fdd6a2bea4999
-
SSDEEP
768:u4egZtpjuTZsy8RXLbUKFHzoxBGEe5q1popcPna:zYd58RXLbUcToxBAWpopS
Behavioral task
behavioral1
Sample
9001af564039f77fda1d890153a599e2.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
9001af564039f77fda1d890153a599e2.exe
Resource
win10v2004-20231222-en
Malware Config
Targets
-
-
Target
9001af564039f77fda1d890153a599e2
-
Size
80KB
-
MD5
9001af564039f77fda1d890153a599e2
-
SHA1
78d43a65f42a265c588fe7f0c65a5a73c6a05464
-
SHA256
ff2d3ac7d2f768dc94554df7a40a1d2f8ee8e1d0843a14de573c275d3ab40de6
-
SHA512
98bde20452ded3afea98a5109e52838acc391d856f124fa02116910202ae6cc1e0048946b209847effc4bd9ba9ff1e8e63abdfeccdd1b09fad2fdd6a2bea4999
-
SSDEEP
768:u4egZtpjuTZsy8RXLbUKFHzoxBGEe5q1popcPna:zYd58RXLbUcToxBAWpopS
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-