General
-
Target
dfd0ad3cadfacaf1aba4b121259d4b29
-
Size
89KB
-
Sample
240326-w4qp1sgh73
-
MD5
dfd0ad3cadfacaf1aba4b121259d4b29
-
SHA1
f99bc3d44522050f2df0ae570c7cec0d02b6ee67
-
SHA256
246e9083831c3ed492b4a213e524aafb163edcb382217bb672842e9e31b15c91
-
SHA512
9baeb3a9459073b896c001558fa38c613d849015821f52ac97c50dd39598b7c4060b2259ac519306b8fcd8aa4332ce240656f0744d5d01186752dd5f484e1ba4
-
SSDEEP
1536:HkrS9OqHjp0tyFZAE84RKJIQoFpBT61Vsz0NOrBvrNUdj3rQZg0HBI:ErSUqHu0Zk4wJxoFpg4z0NOlvr03r2gj
Static task
static1
Behavioral task
behavioral1
Sample
dfd0ad3cadfacaf1aba4b121259d4b29.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
dfd0ad3cadfacaf1aba4b121259d4b29.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
kokostar.sytes.net
Targets
-
-
Target
dfd0ad3cadfacaf1aba4b121259d4b29
-
Size
89KB
-
MD5
dfd0ad3cadfacaf1aba4b121259d4b29
-
SHA1
f99bc3d44522050f2df0ae570c7cec0d02b6ee67
-
SHA256
246e9083831c3ed492b4a213e524aafb163edcb382217bb672842e9e31b15c91
-
SHA512
9baeb3a9459073b896c001558fa38c613d849015821f52ac97c50dd39598b7c4060b2259ac519306b8fcd8aa4332ce240656f0744d5d01186752dd5f484e1ba4
-
SSDEEP
1536:HkrS9OqHjp0tyFZAE84RKJIQoFpBT61Vsz0NOrBvrNUdj3rQZg0HBI:ErSUqHu0Zk4wJxoFpg4z0NOlvr03r2gj
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-