General
-
Target
b20874aaeea56f89b9df659829d75ca9
-
Size
168KB
-
Sample
240304-ntn5faad92
-
MD5
b20874aaeea56f89b9df659829d75ca9
-
SHA1
8ebd7f887ebc00087b61156e3adb5fabea8850fa
-
SHA256
b927b4cb3dbe1d16df1342c4b3b966f2d133d3a2338eac8f66b49f6d882804b7
-
SHA512
e0365ed612082b2659021a97c0f3e8dc76d90b8cabb6bba57a3229fa4cc0f0ff5f53a485343d0924288d95fdb89aeac09f079e747ed6fb542de8129b69f1798d
-
SSDEEP
3072:pGCgP2gwtrP4dlpgc0qZ/RsZDGGewgnl0XbJmjeyZDGGewgNYamae0o:RMuZi/l9jZiOn
Static task
static1
Behavioral task
behavioral1
Sample
b20874aaeea56f89b9df659829d75ca9.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b20874aaeea56f89b9df659829d75ca9.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-