General
-
Target
b0631a4798438fdf2d5ad34de0222b92
-
Size
236KB
-
Sample
240303-zkhf3sgg73
-
MD5
b0631a4798438fdf2d5ad34de0222b92
-
SHA1
24d30e339a73372234790146df7c6aa4f7c75a4c
-
SHA256
931502bc79b5bd2a5d05e196edf60411e779bdaa2df9c4c58d8a507ab69e8538
-
SHA512
2fb0f371c4e3fd4109e1cf369ceb5388139af3fd364e5439477f5e9582b9bf1deaca932b7ede11c4ebf916e401525a985c622ad0a5817cd1d36b4ea0b3d36079
-
SSDEEP
6144:K6ORml+g8HgQ5XGnbf4r81KLGWCYLHOa9TjeeU:3O48HTig8AxCYjOawR
Static task
static1
Behavioral task
behavioral1
Sample
b0631a4798438fdf2d5ad34de0222b92.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b0631a4798438fdf2d5ad34de0222b92.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
amrmora.no-ip.org
Targets
-
-
Target
b0631a4798438fdf2d5ad34de0222b92
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-