General
-
Target
b69a49c0d880684a452ea12139a384e4
-
Size
704KB
-
Sample
240306-fzrthsda75
-
MD5
b69a49c0d880684a452ea12139a384e4
-
SHA1
4855e94fdbaaaf3540c46f14cd31a5b6233b5a23
-
SHA256
c5c037b725f0faa03c79db6a5ce03be8a090c73c904c212af068e528c0b0e47d
-
SHA512
756d1ecd299f1506b60e1f9e8e6e4bb583e0629cdda77e2c99c142c0cf5250b1aed025bd287326a15b11e9864c4fd16e21aa5f635842d4fa0fcd1dfb84c52d61
-
SSDEEP
6144:yVCxQorM6j3wnE0zWkspyFev/sdqePfHR:iCxQoXjnzkspmx
Static task
static1
Behavioral task
behavioral1
Sample
b69a49c0d880684a452ea12139a384e4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b69a49c0d880684a452ea12139a384e4.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
123boof.no-ip.org
Targets
Target
b69a49c0d880684a452ea12139a384e4
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-