General
Target: afb2547a6a546a00e640e6ad45594247
Size: 351KB
Sample: 240229-211cyafd88
MD5: afb2547a6a546a00e640e6ad45594247
SHA1: fa5bde5996e5108a45d3d5a22d9c17acdad08264
SHA256: 799bc643cfd5b436e6226d5c42e3bef2cae2a4dcd5839924acfcd10fd403036b
SHA512: 8abfbb256d8b78bdb4e2046996c8a589062e416cd32935642bde463acbe341e0582ded3dffb9fe736875ea62bcb1f42e1996156e1af7cbea36d2bebf8047115c
SSDEEP: 3072:PrMUbMvKPFqJHOULc5kAVerPSfa+S1b7ziXFFJyiyO9BeBg5LfhVGjkVBw/TMGZT:j8a/S1OzJ7DDfhVGGIzxpXkIdZr
Static task: static1
Behavioral task: behavioral1
Sample: afb2547a6a546a00e640e6ad45594247.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: afb2547a6a546a00e640e6ad45594247.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: afb2547a6a546a00e640e6ad45594247
Size: 351KB
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext