General
-
Target
901eee3151a59fcb371060f82545abe2
-
Size
113KB
-
Sample
240204-zl2w4scdfq
-
MD5
901eee3151a59fcb371060f82545abe2
-
SHA1
43ab2f2222ce9929b628f694e6da4eac7d9e005f
-
SHA256
4c78c560cab7fb4b74e95765487a86becffc86766f9d49c460b4ad5f6d3ac366
-
SHA512
386b74fb383751c1a55ae2baecd0046fd53f31af4269e1432222184140d007432cb2ab2bef29e0e60a11f7b3ab5b858595baf4710e00c6dbc81c061b5b160e46
-
SSDEEP
1536:8C5p7b0RGwWtTYGUFwMeAur6vcOAFpRJNF+75DUSvHgMpvP5D9xOPcJS7:8Ido8tEMF+ErFnJkUmAMVRccJS7
Static task
static1
Behavioral task
behavioral1
Sample
901eee3151a59fcb371060f82545abe2.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
901eee3151a59fcb371060f82545abe2.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
xtremerat
x0n1rlz.no-ip.biz
Targets
-
-
Target
901eee3151a59fcb371060f82545abe2
-
Size
113KB
-
MD5
901eee3151a59fcb371060f82545abe2
-
SHA1
43ab2f2222ce9929b628f694e6da4eac7d9e005f
-
SHA256
4c78c560cab7fb4b74e95765487a86becffc86766f9d49c460b4ad5f6d3ac366
-
SHA512
386b74fb383751c1a55ae2baecd0046fd53f31af4269e1432222184140d007432cb2ab2bef29e0e60a11f7b3ab5b858595baf4710e00c6dbc81c061b5b160e46
-
SSDEEP
1536:8C5p7b0RGwWtTYGUFwMeAur6vcOAFpRJNF+75DUSvHgMpvP5D9xOPcJS7:8Ido8tEMF+ErFnJkUmAMVRccJS7
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-