General
- Target: b1d57d7efe9c54607c4e2c99563eb114
- Size: 54KB
- Sample: 240304-lypwesge43
- MD5: b1d57d7efe9c54607c4e2c99563eb114
- SHA1: 737a830162ec053d1600b7d6e9bd88de9dbe35d2
- SHA256: ae624a71026226ecf9ad150f76f3a79b9fc7974b1d7f875bd36e62b478611982
- SHA512: 3af85a6f8198a6c24e1144978491ab6d8c98a983d69e728f6997403d93b1a77975b8a466ac8c3550cb9508d44054646bc6903acafbc37ba37ac8ade6faf34261
- SSDEEP: 768:+fahvI1PA7fdtH85vNsTpNypcGKyIV5zzeZN6XESzbdrZ9LPnrS0UpamTCU3r5eW:Wp4OOpNymyuz0NOrBvrNUdj3rQZgBb2I
Behavioral task: behavioral1
- Sample: b1d57d7efe9c54607c4e2c99563eb114.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: b1d57d7efe9c54607c4e2c99563eb114.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted family: xtremerat
C2 hosts:
- 511s.no-ip.biz
- top511.no-ip.biz
- Criar arquivo de configur2020.dyndns.biz
- 1010.dyndns.biz
Targets
- Target: b1d57d7efe9c54607c4e2c99563eb114
Score: 10/10
Signatures:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Suspicious use of SetThreadContext