General
-
Target
9127cc684082436bc91e3d3ade726bce
-
Size
132KB
-
Sample
240205-f4ysmadfcp
-
MD5
9127cc684082436bc91e3d3ade726bce
-
SHA1
3a4209ec8033ca0d643fdcb04878929198778aa2
-
SHA256
8650ae97fd82c150b199d7dacc7f74c07a1ead1566d45f04a2a081832f0b66f7
-
SHA512
fe6b6ff2c4af24a24158a6112049ecac95e474a691a7cadbb835333800d12761f5d8ea4ee2feed364aac8def3a6418d3ba06cdaa92c6129b2a6962e4648b0aff
-
SSDEEP
3072:bMSncRzAOIYbmnexP37emmhzbB81Cn0/LoZv:ASncRlkn4yRN8cnIL
Behavioral task
behavioral1
Sample
9127cc684082436bc91e3d3ade726bce.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
9127cc684082436bc91e3d3ade726bce.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
Target
9127cc684082436bc91e3d3ade726bce
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-