General
Target: b2151cc499871da9898bf11b82d9b128
Size: 384KB
Sample: 240304-n98tsaah79
MD5: b2151cc499871da9898bf11b82d9b128
SHA1: 60a74fdbfd6e96885babb944531330dd066c1f91
SHA256: fc80bf24edc58e548eed7eb045cdfb7b3940c373ae7a292a816e57d6ea42b123
SHA512: 106fb090c03178a3a5d6c039930a1d8e291ff0bf3591d242ef4b40359b116ab9b278f2c1c5ad205487de7d04ae269b6a88a564bd650f60a88c4b6148c7b13e96
SSDEEP: 6144:mDuXGpcRRu3E5rPzWS2jXkX+xiW6y5lr5/0KrwHqG2DFTUbKQX9DRnmwfFHxIg6u:mF45rPzWXj9j1eKS6FT2FX9tmAhp6+0e
Static task: static1
Behavioral task: behavioral1
Sample: b2151cc499871da9898bf11b82d9b128.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b2151cc499871da9898bf11b82d9b128.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: xtremerat
haitham.no-ip.info
Targets
Target: b2151cc499871da9898bf11b82d9b128 (384KB; hashes as listed under General above)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Modifies Installed Components in the registry
- Adds Run key to start application
- Suspicious use of SetThreadContext