General
Target: b3d6ef674232af2e47181bacc8a87c8f
Size: 88KB
Sample: 240305-fmey7aeh6t
MD5: b3d6ef674232af2e47181bacc8a87c8f
SHA1: 9e3b5029734d0512913dea64b4d4009a1922fb12
SHA256: 8f5176b11518d6740417c443a422be9d5a14d1425d9b1f2ab3ac4e41490c3c4d
SHA512: 556ad2bfba2425bcc69429220dc19722a2521e09ca03c13d40c32ccca6cb6f401c659c42ab209ca76a7581a41ae3abc4955e56e8adade549b880fa61c14f40ae
SSDEEP: 1536:/gsq+QV4rObAdNoAf5UqiYmlArNwsloxwja:d44rOR1Atloxp
Behavioral task: behavioral1
Sample: b3d6ef674232af2e47181bacc8a87c8f.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b3d6ef674232af2e47181bacc8a87c8f.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: xtremerat
C2 host (from the extracted config): laptope.sytes.net
Targets
Target: b3d6ef674232af2e47181bacc8a87c8f
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Modifies Installed Components in the registry: writes under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. A StubPath set there is executed at each user's next logon, so this is a persistence mechanism, not a benign install step.
- Checks computer location settings: looks up the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: persistence via a value under a CurrentVersion\Run key.
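The signatures listed above, together with the sample hashes in the General block and the C2 host in the Malware Config block, can be turned into host-side detection logic. The following is an added example and is not sandbox output or code from the sample: the event schema (Event/detect), the dropped-file paths, the Active Setup GUID and the event stream are all constructed for illustration, and the match against the report's hashes is a plain IOC comparison, not the sandbox's YARA-based "Detect XtremeRAT payload" rule.

```python
"""Detection logic for the behaviours listed in the report, run over a
constructed event stream. Added example, not part of the sandbox output."""
import re
from dataclasses import dataclass, field

# Indicators copied from the report: sample hashes and the extracted C2 host.
REPORT_HASHES = {
    "MD5": "b3d6ef674232af2e47181bacc8a87c8f",
    "SHA1": "9e3b5029734d0512913dea64b4d4009a1922fb12",
    "SHA256": "8f5176b11518d6740417c443a422be9d5a14d1425d9b1f2ab3ac4e41490c3c4d",
}
C2_DOMAINS = {"laptope.sytes.net"}

# Registry locations behind the report's persistence and geofence signatures.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
ACTIVE_SETUP_RE = re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\[^\\]+$", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.I)


@dataclass
class Event:
    """One normalised trace event (constructed schema, not a real product's)."""
    kind: str                                   # reg_set | reg_query | file_write | proc_create | image_load | dns
    image: str                                  # process performing the action
    attrs: dict = field(default_factory=dict)   # kind-specific fields: key/value/data, path, hashes, query


def detect(events):
    """Return (rule, detail) pairs for the report's signatures plus IOC matches."""
    hits = []
    dropped = set()   # paths written during the trace; later execution/load of one counts as "dropped"
    for ev in events:
        a = ev.attrs
        if ev.kind == "file_write":
            dropped.add(a["path"].lower())
        elif ev.kind == "reg_set":
            if RUN_KEY_RE.search(a["key"]):
                hits.append(("Adds Run key to start application", f"{a['key']}\\{a['value']} = {a['data']}"))
            elif ACTIVE_SETUP_RE.search(a["key"]) and a["value"].lower() == "stubpath":
                hits.append(("Modifies Installed Components in the registry", f"{a['key']}\\StubPath = {a['data']}"))
        elif ev.kind == "reg_query":
            if GEO_KEY_RE.search(a["key"]) and a["value"].lower() == "nation":
                hits.append(("Checks computer location settings", f"{a['key']}\\Nation read by {ev.image}"))
        elif ev.kind == "proc_create":
            if a["path"].lower() in dropped:
                hits.append(("Executes dropped EXE", a["path"]))
            for algo, digest in a.get("hashes", {}).items():
                if REPORT_HASHES.get(algo, "").lower() == digest.lower():
                    hits.append(("Matches report sample hash", f"{algo} {digest}"))
        elif ev.kind == "image_load":
            p = a["path"].lower()
            if p in dropped and p.endswith(".dll"):
                hits.append(("Loads dropped DLL", a["path"]))
        elif ev.kind == "dns":
            if a["query"].lower().rstrip(".") in C2_DOMAINS:
                hits.append(("Resolves XtremeRAT C2 host", f"{a['query']} from {ev.image}"))
    return hits


# Constructed trace: the sample drops an EXE and a DLL, persists twice, reads the
# geo setting, runs the drop, and resolves the C2 host. Paths and GUID are made up.
SAMPLE = r"C:\Users\user\Desktop\b3d6ef674232af2e47181bacc8a87c8f.exe"
DROP_EXE = r"C:\Users\user\AppData\Roaming\Updater\upd.exe"
DROP_DLL = r"C:\Users\user\AppData\Roaming\Updater\upd.dll"
SAMPLE_EVENTS = [
    Event("proc_create", "explorer.exe",
          {"path": SAMPLE, "hashes": {"MD5": REPORT_HASHES["MD5"], "SHA256": REPORT_HASHES["SHA256"]}}),
    Event("reg_query", SAMPLE, {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    Event("file_write", SAMPLE, {"path": DROP_EXE}),
    Event("file_write", SAMPLE, {"path": DROP_DLL}),
    Event("reg_set", SAMPLE, {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                              "value": "Updater", "data": DROP_EXE}),
    Event("reg_set", SAMPLE, {"key": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}",
                              "value": "StubPath", "data": DROP_EXE}),
    Event("proc_create", SAMPLE, {"path": DROP_EXE, "hashes": {"MD5": "00" * 16}}),
    Event("image_load", DROP_EXE, {"path": DROP_DLL}),
    Event("dns", DROP_EXE, {"query": "laptope.sytes.net"}),
    # Benign control: a registry write outside the watched keys must not fire.
    Event("reg_set", SAMPLE, {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
                              "value": "x", "data": "1"}),
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

Two practical caveats: Sysmon records registry value writes but not reads, so the geofence lookup (a reg_query) is only visible in an API-monitor or sandbox trace, not in a Sysmon-based EDR feed; and the "dropped" logic here only tracks paths written earlier in the same trace, so a persistence entry pointing at a file written by another process would be reported as a Run key hit but not as "Executes dropped EXE".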