General
- Target: df881871142ccf07a768f25996098615
- Size: 1.2MB
- Sample: 240326-s8dpgage5y
- MD5: df881871142ccf07a768f25996098615
- SHA1: bd5d1f2d7cb6c5ff5f5ad55c73a47b23a083c234
- SHA256: 7e47eeeff1516d19d4bc2e2352b754b3852c1c5d73454f971d45cefebf9811bf
- SHA512: 1e1edc8c07e56543e796da62f0a10a3acbe17f288827d7e32bc8848643bc2d09630963606f7bdc09ac11bb160ac7fa354ab3e897ee2a220d623b54781d58cdfb
- SSDEEP: 24576:OFE//Tct4bOsNmAcsHQRxapPg3aO56dZEt4MmZyr6+siYBMpm0q3eTF:kSVNNB2apPg3aO56dZ+45whsiYmpvq3o
Behavioral task: behavioral1
- Sample: df881871142ccf07a768f25996098615.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: df881871142ccf07a768f25996098615.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: xtremerat
- microsoft.servehttp.com
Targets
- Target: df881871142ccf07a768f25996098615
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext