General
-
Target
a48ebd7bd4de2fe722345c6ca8d3f489
-
Size
452KB
-
Sample
240225-zjfk4acd7y
-
MD5
a48ebd7bd4de2fe722345c6ca8d3f489
-
SHA1
8a04b235efab8ab4bb0274c311a9e165e69dcb1e
-
SHA256
000b12d343232bbd62d8ecccc799820c92d1a4afb0bedf3d14c1390d2adae8eb
-
SHA512
de9a362cad7055b5fadd631bcb797e03f4f89d3ab084d5bf493f3cfed2725b0a9d3db263297017bb96995396287d71ab4668ad12da4320f023ea8c93a43a530e
-
SSDEEP
6144:Bcfi/uIOP9291ZFJhKrH9R+xl58+nvUEyfe5iaJ:FhOFQZ8SKfGiaJ
Static task
static1
Behavioral task
behavioral1
Sample
a48ebd7bd4de2fe722345c6ca8d3f489.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a48ebd7bd4de2fe722345c6ca8d3f489.exe
Resource
win10v2004-20240221-en
Malware Config
Extracted
xtremerat
turkishwarrior.no-ip.biz
Targets
-
-
Target
a48ebd7bd4de2fe722345c6ca8d3f489
-
Size
452KB
-
MD5
a48ebd7bd4de2fe722345c6ca8d3f489
-
SHA1
8a04b235efab8ab4bb0274c311a9e165e69dcb1e
-
SHA256
000b12d343232bbd62d8ecccc799820c92d1a4afb0bedf3d14c1390d2adae8eb
-
SHA512
de9a362cad7055b5fadd631bcb797e03f4f89d3ab084d5bf493f3cfed2725b0a9d3db263297017bb96995396287d71ab4668ad12da4320f023ea8c93a43a530e
-
SSDEEP
6144:Bcfi/uIOP9291ZFJhKrH9R+xl58+nvUEyfe5iaJ:FhOFQZ8SKfGiaJ
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-