Extracted

• • Target

    c08d396078b9fa1cf6ded3e455e1b4cc

  • Size

    438KB

  • MD5

    c08d396078b9fa1cf6ded3e455e1b4cc

  • SHA1

    e0b51d3423144663582d8e75fa26a4f2fe4e5f32

  • SHA256

    f8168fcb9494edcf085245b170c4584ba9c33559559bb7ebf6ac5a06508ccad4

  • SHA512

    2f5f5d67b95eb7a7802a9fff097b14aabcf64d7c2bb7760b400a85d08568ae6febe53bc7de69e222062d9298616f43db35309589ffae32908c51061ee105aae2

  • SSDEEP

    12288:2VFFEqmvg4nyNh+OjXG4qfROGapCB0PWdUQ:uXE1g8oxLz03GCB0P3Q

  Score

  10^/10

  xtremeratpersistenceratspyware

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2