Extracted

• • Target

    982ec0a7e4cc9470cb6885b8d816fa45

  • Size

    956KB

  • MD5

    982ec0a7e4cc9470cb6885b8d816fa45

  • SHA1

    9c550995ab7251f60ad625e5d0251374e7ca73f6

  • SHA256

    e0849ba088740afd3f09558cc1d9001b019f3bc4901563f5bc7bfedea2d38860

  • SHA512

    9c5c7ae76d406057d75b7c64f776fdc5b519bbc4b0fa29c4263e41df097ef0a05e9b934ddd95fb65ba6d1e4bfb0672c395fb22ae4f0524169a0900f03b9be7fd

  • SSDEEP

    12288:A/gctSVTWOWOdT/zvTjv95cTGMaqRL2nOxr/JZLYi8gPRyw7V57R8b8oOmn:A/FtATE67LjeJR7nV1k8Z0

  Score

  10^/10

  xtremeratpersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2