Extracted

• • Target

    deb55681e1c0a3e2ea3f0cc236a13886

  • Size

    260KB

  • MD5

    deb55681e1c0a3e2ea3f0cc236a13886

  • SHA1

    a49f6045b096277dfd94299c91707207b5f08bf0

  • SHA256

    e6459c10330c193df22b78749ba27c23722bfc5baff6b39920b5141b457e7a88

  • SHA512

    8b46a344b2684d5b544e5e1b2fd94900f0e8a4ad6e1760f6b00810fc818b42a14e21ae1f143e6c6aa1186cce55570d793abf3b1468ef30d2ce8e57f997c0108d

  • SSDEEP

    6144:uPHGYJWbBUNDRUZc8q9H14NTf/DO9RDs6gzLAnbS1S+LoMtE:IzgbBCRp4HO9Rt8LAnbS1voR

  Score

  10^/10

  xtremeratpersistenceratspyware

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Modifies Installed Components in the registry

    persistence

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2