General
-
Target
a58c3a86de87912a178dfa3dec802907
-
Size
317KB
-
Sample
240226-f5gwhaea26
-
MD5
a58c3a86de87912a178dfa3dec802907
-
SHA1
8bd22a3472f64cdf928da53ff34c5f7f76b61bc1
-
SHA256
a7cb45ae13d3b223afe9770b3d703814bc71940b439e75bcb6aac41b82bf3830
-
SHA512
5ec6f989aef055ed4fdbb64161b190f5bb928b5c7e8f2052531df0b4c8e812f5802949c2084a6349d97d6277b476f5211c32e3a7dc4b43d672bba023cba23c2a
-
SSDEEP
6144:DcVoa+kiNm6LlJ+Mo4btDycigkwSQob+QwmTat9V7Zw:DOoPBNzuMFpycFw+Qwm49B
Behavioral task
behavioral1
Sample
a58c3a86de87912a178dfa3dec802907.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a58c3a86de87912a178dfa3dec802907.exe
Resource
win10v2004-20240221-en
Malware Config
Extracted
xtremerat
wer99.no-ip.org
Targets
-
-
Target
a58c3a86de87912a178dfa3dec802907
-
Size
317KB
-
MD5
a58c3a86de87912a178dfa3dec802907
-
SHA1
8bd22a3472f64cdf928da53ff34c5f7f76b61bc1
-
SHA256
a7cb45ae13d3b223afe9770b3d703814bc71940b439e75bcb6aac41b82bf3830
-
SHA512
5ec6f989aef055ed4fdbb64161b190f5bb928b5c7e8f2052531df0b4c8e812f5802949c2084a6349d97d6277b476f5211c32e3a7dc4b43d672bba023cba23c2a
-
SSDEEP
6144:DcVoa+kiNm6LlJ+Mo4btDycigkwSQob+QwmTat9V7Zw:DOoPBNzuMFpycFw+Qwm49B
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-