General
Target: a261d05e838a359419f5dbc7651b95b8
Size: 280KB
Sample: 240224-wfqecaaa33
MD5: a261d05e838a359419f5dbc7651b95b8
SHA1: e60721c1d45391d504fbd5d60c4c662f315b282c
SHA256: 6e7c0cd4c136d2fcf86b2cd6dcee7c01115e52d7366acf250b38ae3290b615b0
SHA512: ced39503e7ab396e90f5f90971066a1483ddc61c18c9cdb1106a45bac946de03642a9a3f1cf9cf628114bc5a6a894b93adf4a2aad0d16487c71c4df3e15a94aa
SSDEEP: 6144:RzG8nriOnW/rGgGTVI7oMtzSokDp77d8w1Ya8B0jJynO4n:x1DYrKy7VfO2w1IE4n
Static task: static1
Behavioral task: behavioral1
Sample: a261d05e838a359419f5dbc7651b95b8.exe
Resource: win7-20240221-en
Malware Config
Extracted (xtremerat): backtrack5.no-ip.info
Targets
Target: a261d05e838a359419f5dbc7651b95b8
Size: 280KB
MD5: a261d05e838a359419f5dbc7651b95b8
SHA1: e60721c1d45391d504fbd5d60c4c662f315b282c
SHA256: 6e7c0cd4c136d2fcf86b2cd6dcee7c01115e52d7366acf250b38ae3290b615b0
SHA512: ced39503e7ab396e90f5f90971066a1483ddc61c18c9cdb1106a45bac946de03642a9a3f1cf9cf628114bc5a6a894b93adf4a2aad0d16487c71c4df3e15a94aa
SSDEEP: 6144:RzG8nriOnW/rGgGTVI7oMtzSokDp77d8w1Ya8B0jJynO4n:x1DYrKy7VfO2w1IE4n
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence check.
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Suspicious use of SetThreadContext