General
Target: 9148a68cc64a0ba3c0a541f666526b90
Size: 248KB
Sample: 240205-hbdm4aegbj
MD5: 9148a68cc64a0ba3c0a541f666526b90
SHA1: adeb03e2d2faa2522d404dcf23edc02c2b0e9e1b
SHA256: ff6370d7ca311c96c4f4a45e899ad86ad520a7039c94051438830888faeaba9a
SHA512: 09f7cd502138973546c55564b212437924518640a41940b5444cc5b9d34e6bb3e530b43de4e382f70a0d707bcbedecd54593a4e683143f967cbbc1e82518bbec
SSDEEP: 6144:ULPILXqdScn3bpDGs8BcMMeU2kMlm4q4AgCNWLIwoJQF9VJ:ULPnVndvmxnUz4AgSCIUn3
Static task: static1
Behavioral task: behavioral1 (Sample: 9148a68cc64a0ba3c0a541f666526b90.exe, Resource: win7-20231215-en)
Behavioral task: behavioral2 (Sample: 9148a68cc64a0ba3c0a541f666526b90.exe, Resource: win10v2004-20231222-en)
Malware Config (extracted)
Family: xtremerat
Host: wer99.no-ip.org
Targets
Target: 9148a68cc64a0ba3c0a541f666526b90 (248KB; hashes as listed under General)
Score: 10/10
Signatures:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Modifies Installed Components in the registry
- Adds Run key to start application
- Suspicious use of SetThreadContext