General
Target: b66efaafe2f9a283c9259b9606c02867
Size: 1.3MB
Sample: 240306-ecdspsbf44
MD5: b66efaafe2f9a283c9259b9606c02867
SHA1: 5e8cdc54053a78cba005d3d3a0c7551343ed0178
SHA256: 9101b64374031a1b14a7dcf5c9c4afd8715e67da8704ffd74727349571713494
SHA512: 9862a979855a44389bebd8e455176bf69adf6acc00a62424390b4c240fbc3027c0a3fd8b2d04adfb3117ddb5d969ed5e8da453eebacdf7b9794023e10d96d281
SSDEEP: 24576:Wq6gwt+M9LXNI1JyQOH9ZDZsy0lh4IorVi9/YHV31RKctRD4kAf:W6wtfXKDyx9Z2yK6Vi9w131j7DK
Static task: static1
Behavioral task: behavioral1
  Sample: b66efaafe2f9a283c9259b9606c02867.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: b66efaafe2f9a283c9259b9606c02867.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Score: 10/10
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Suspicious use of SetThreadContext