General
- Target: a5539e2dd3a08d1dc47e5a56cb1242f7
- Size: 44KB
- Sample: 240226-d5dgzacc8s
- MD5: a5539e2dd3a08d1dc47e5a56cb1242f7
- SHA1: fda44ff5cda685cfa2bc53f6e5488180a610cdc6
- SHA256: 43d1870dfe95618f83394e3c30429ee6d5724c6c344f14742dd6c01bbb7a2bb4
- SHA512: 19ec7ba47418dd502ad876fc4665c3bcaf56ff3edbc8554bdcc3d651d73954f969630c109e5bb9950bca0172950c9119f20e7bdc07aab9b8aeeed1defaad1373
- SSDEEP: 768:rJr+tjFqTPkAlfzth1lr6an3smTq8uvm2DfOTwYPIGzoOL:9yRUHlrr1lr6an3TZuvm2buQaoOL
Behavioral task: behavioral1
- Sample: a5539e2dd3a08d1dc47e5a56cb1242f7.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a5539e2dd3a08d1dc47e5a56cb1242f7.exe
- Resource: win10v2004-20240221-en
Malware Config
- Extracted: xtremerat
- kahba88.zapto.org
Targets
- Target: a5539e2dd3a08d1dc47e5a56cb1242f7 (44KB)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application