General

Target: b70560b217593bd69feed94c883f38a6
Size: 484KB
Sample: 240306-ktzpdsgf85
MD5: b70560b217593bd69feed94c883f38a6
SHA1: 8463415d59086cad9fa5aa417e603925e4f6d34d
SHA256: 754567bd064a3e9ea7bf37f54db6b0897535d90cf35a931ca31d4b1e85566f8f
SHA512: 487895cdfa7aa7a1440c56d3fba6b92478a5527cbaff4a52c790ed39b033d5a0583d75d4d7490ccc00fef897e5975eedc1240051cd269d9770f337a9b5e0f7e4
SSDEEP: 12288:wm0M7wWo5ilMmj8te+WwGUXeMW2+pd167QhE9o1ke:wm0F7ElMmj8tcnGe56EhSoee
Static task: static1

Behavioral task: behavioral1
Sample: b70560b217593bd69feed94c883f38a6.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: b70560b217593bd69feed94c883f38a6.exe
Resource: win10v2004-20240226-en
Malware Config (extracted from the sample)
Family: xtremerat
C2: rabah1627.zapto.org
Targets

Target: b70560b217593bd69feed94c883f38a6
Size: 484KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the values listed under General above
Score: 10/10
Signatures
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Modifies Installed Components in the registry
- Adds Run key to start application (persistence through a CurrentVersion\Run registry value)
- Suspicious use of SetThreadContext (a common step in process hollowing and other thread-hijacking injection)
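The practical output of a report like this is a set of indicators: the sample's file hashes and the XtremeRAT C2 host from the extracted config. The following script is an added example (not part of the sandbox or the report) that turns those indicators into two checks: a hash matcher that accepts digests computed locally or copied from an inventory export, and a DNS-log scanner that flags lookups of the C2 host. The hash values and the domain are taken from this page; the DNS log format and the log lines are constructed for illustration and assume a simple "timestamp client-ip query name" layout.

```python
"""IOC matcher built from this report's hashes and extracted config.

Added example for this page, not the sandbox's own tooling. Hash values
and the C2 host come from the report; the DNS log format and the sample
log lines below are constructed, not real telemetry.
"""
import hashlib
import re

# Hashes of the sample as listed in the report (lowercase hex).
IOC_HASHES = {
    "md5": "b70560b217593bd69feed94c883f38a6",
    "sha1": "8463415d59086cad9fa5aa417e603925e4f6d34d",
    "sha256": "754567bd064a3e9ea7bf37f54db6b0897535d90cf35a931ca31d4b1e85566f8f",
}

# XtremeRAT C2 host from the extracted config.
C2_DOMAIN = "rabah1627.zapto.org"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a blob (e.g. file contents)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(hashes: dict) -> list:
    """Return the algorithms whose digest equals the reported sample's.

    Digests may come from hash_bytes() or from an EDR/inventory export;
    comparison ignores case and surrounding whitespace so pasted values
    still match. Algorithms absent from the input are simply skipped.
    """
    hits = []
    for algo, reported in IOC_HASHES.items():
        observed = hashes.get(algo)
        if observed is not None and observed.strip().lower() == reported:
            hits.append(algo)
    return hits


def is_c2_name(name: str) -> bool:
    """True if a DNS name is the C2 host or a label beneath it.

    Normalises the trailing dot of a fully qualified name and mixed case,
    and rejects look-alikes such as 'notrabah1627.zapto.org', which a
    plain substring check would wrongly flag.
    """
    n = name.strip().rstrip(".").lower()
    return n == C2_DOMAIN or n.endswith("." + C2_DOMAIN)


# Constructed (hypothetical) resolver log layout: "<timestamp> <client-ip> query <name>"
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s*$")


def scan_dns_log(lines) -> list:
    """Return (timestamp, client_ip, name) for every query of the C2 host."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the scan
        ts, client, qname = m.groups()
        if is_c2_name(qname):
            hits.append((ts, client, qname.rstrip(".").lower()))
    return hits


# Constructed sample input: four log lines in the layout above, not real data.
SAMPLE_DNS_LOG = [
    "2024-03-06T10:01:02Z 10.0.0.15 query www.example.com.",
    "2024-03-06T10:01:09Z 10.0.0.23 query RABAH1627.zapto.org.",
    "2024-03-06T10:02:41Z 10.0.0.23 query notrabah1627.zapto.org",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    # Bytes constructed here cannot hash to the reported sample: no hits.
    print(match_hashes(hash_bytes(b"not the sample")))  # []
    # A digest pasted from an export, with odd case and a newline, still matches.
    print(match_hashes({"sha256": IOC_HASHES["sha256"].upper() + "\n"}))  # ['sha256']
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
```

Matching on the parent domain rather than the full host is deliberate: dynamic-DNS providers such as zapto.org are shared by many unrelated users, so only the extracted host and labels beneath it are treated as indicators, and a substring match is avoided so that a host merely ending in the same characters does not produce a false positive.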