General
- Target: a6506a40d522a744be02abe57dd40864
- Size: 661KB
- Sample: 240226-pa6e2sde4x
- MD5: a6506a40d522a744be02abe57dd40864
- SHA1: 35eb03893099f7f97fd08ecb0bf48f5d73f05c24
- SHA256: 0b9ae5b5e11e103e80c80e90d2aa3105accf8babbc1525a39def89105bc4092d
- SHA512: 373b97614840dd795dcd09ac7967a2d2b78379a53cdc96da71c6f489ec79b24eabc9b1ecdddbe5251d829da01959c9fc665d30cb5a0b757c50edbaa144fd64b4
- SSDEEP: 6144:1XFjjxnIgK54IQzeeeL4/QPnIgK54IQzeeeL4/Q9711j:11j9IgKKM4YPIgKKM4Yl1t
Behavioral task: behavioral1
- Sample: a6506a40d522a744be02abe57dd40864.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a6506a40d522a744be02abe57dd40864.exe
- Resource: win10v2004-20240221-en
Malware Config
- Extracted: xtremerat
- oudy.no-ip.biz
Targets
- Score: 10/10
- Detect XtremeRAT payload
- Modifies WinLogon for persistence
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Adds Run key to start application