General
Target: a2d9a6c78101d836f450861bfbd012f1
Size: 243KB
Sample: 240224-17vklaff99
MD5: a2d9a6c78101d836f450861bfbd012f1
SHA1: 13c80ec185952332f50ed2d241dd9cb4fe5b455c
SHA256: af641e6b1b8097472d553c1ae807f5fc6d87dbd1533b3a3ed5f00c8e48c610bc
SHA512: e8ba32a8e4583bdf7e95b2b22a16d8b2303e98401200c7c7aca3df47a5996f1cb9d0800946fc6a308e2a1eb0816fa7a21bdb71b5ef63eb13bef7143e1d765e90
SSDEEP: 3072:XFd2Afoka0uMMGYmKlMCJ+UrxkCkK9a7+Z3wCYdj8vK1HDvhk1eSkDyfCnewUmGX:1jQwuYKs7M3jvEu1nkaCneT3NmEQC
Static task: static1
Behavioral task: behavioral1
Sample: a2d9a6c78101d836f450861bfbd012f1.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: a2d9a6c78101d836f450861bfbd012f1.exe
Resource: win10v2004-20240221-en
Malware Config
Extracted
xtremerat
umtakcicek.dyndns.org
Targets
Target: a2d9a6c78101d836f450861bfbd012f1
Size: 243KB
MD5: a2d9a6c78101d836f450861bfbd012f1
SHA1: 13c80ec185952332f50ed2d241dd9cb4fe5b455c
SHA256: af641e6b1b8097472d553c1ae807f5fc6d87dbd1533b3a3ed5f00c8e48c610bc
SHA512: e8ba32a8e4583bdf7e95b2b22a16d8b2303e98401200c7c7aca3df47a5996f1cb9d0800946fc6a308e2a1eb0816fa7a21bdb71b5ef63eb13bef7143e1d765e90
SSDEEP: 3072:XFd2Afoka0uMMGYmKlMCJ+UrxkCkK9a7+Z3wCYdj8vK1HDvhk1eSkDyfCnewUmGX:1jQwuYKs7M3jvEu1nkaCneT3NmEQC
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Modifies Installed Components in the registry
- Adds Run key to start application
- Suspicious use of SetThreadContext