General
Target: dfd809f1edaf4727e7431eca0d74865c
Size: 272KB
Sample: 240326-xdxlbahc73
MD5: dfd809f1edaf4727e7431eca0d74865c
SHA1: 1ff57127ac9144345fd792629e636ad325f4b416
SHA256: 00171632f54e64b5d0ff8b78867e7a53b50def7cb06639d5f6e5e8bdae39eeaa
SHA512: ea91ba63670ffa76471814d553232ae1e88983a94b51766c26ab185f868cd98c5ec47e3114ad255829a4eb7add426764d3fd03b2e02430b1afb8e32ef436ab92
SSDEEP: 6144:gMauJeqN2l9oCTzZzx2D49gPa9/iP5XBJrLfsLt:q3qNEBlcQoLxLELt
Static task: static1
Behavioral task: behavioral1
  Sample: dfd809f1edaf4727e7431eca0d74865c.exe
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: dfd809f1edaf4727e7431eca0d74865c.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted family: xtremerat
Extracted C2 host: alssm.no-ip.biz
Targets
Target: dfd809f1edaf4727e7431eca0d74865c (272KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Detect XtremeRAT payload
- XtremeRAT: developed by xtremecoder, available since at least 2010, and written in Delphi.
- Modifies Installed Components in the registry
- Adds Run key to start application (persistence across logon)
- Drops file in System32 directory
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and other code injection)
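The signatures and indicators above can be turned into a small host-side triage check. The following is an added example, not part of the sandbox report and not the sandbox's own signature logic: it carries the report's hashes and extracted C2 host as indicators, and matches constructed, Sysmon-like `key="value"` log lines (the log format, the `updater.exe` file name and the registry value names are assumptions) against the persistence, System32 drop and C2 lookup behaviours. "Installed Components" is taken to mean the Active Setup `Installed Components` key, which is an assumption. `SetThreadContext` is an API-level signal that ordinary file/registry/DNS telemetry does not carry, so it is not covered here.

```python
"""Match the sandbox report's indicators against endpoint telemetry.

Added example; not part of the sandbox report and not the sandbox's own
signature code. The log lines below are constructed, and their
key="value" layout is an assumption about the log format.
"""
import hashlib
import re

# File hashes and the extracted config host, copied from the report above.
IOC_HASHES = {
    "md5": "dfd809f1edaf4727e7431eca0d74865c",
    "sha1": "1ff57127ac9144345fd792629e636ad325f4b416",
    "sha256": "00171632f54e64b5d0ff8b78867e7a53b50def7cb06639d5f6e5e8bdae39eeaa",
}
IOC_DOMAINS = {"alssm.no-ip.biz"}

# Registry locations behind the report's persistence signatures (lower-cased for matching).
# Assumption: "Installed Components" refers to the Active Setup key of that name.
RUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\runonce",
)
ACTIVE_SETUP = "\\software\\microsoft\\active setup\\installed components"
SYSTEM32 = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Turn 'key=value key="quoted value"' into a dict (constructed log format)."""
    return {k: (q if q else u) for k, q, u in _KV.findall(line)}


def registry_hits(ev):
    """Run/RunOnce and Active Setup Installed Components writes."""
    hits = []
    if ev.get("event") == "RegistryValueSet":
        target = ev.get("target", "").lower()
        if any(k in target for k in RUN_KEYS):
            hits.append("run_key_persistence")
        if ACTIVE_SETUP in target:
            hits.append("active_setup_installed_components")
    return hits


def file_hits(ev):
    """A file landing in System32 written by something that does not live under C:\\Windows."""
    if ev.get("event") != "FileCreate":
        return []
    target = ev.get("target", "").lower()
    image = ev.get("image", "").lower()
    if target.startswith(SYSTEM32) and not image.startswith(WINDOWS_DIR):
        return ["system32_file_drop"]
    return []


def dns_hits(ev):
    """Lookup of the host taken from the extracted XtremeRAT config."""
    if ev.get("event") == "DnsQuery" and ev.get("query", "").lower() in IOC_DOMAINS:
        return ["c2_domain_lookup"]
    return []


def classify(line):
    ev = parse_event(line)
    return registry_hits(ev) + file_hits(ev) + dns_hits(ev)


def triage(lines):
    """Return {line_index: [hit, ...]} for every line matching at least one signature."""
    out = {}
    for i, line in enumerate(lines):
        hits = classify(line)
        if hits:
            out[i] = hits
    return out


def hash_matches(data):
    """Return the IOC hash algorithms whose digest of `data` equals the report's value."""
    return sorted(a for a, h in IOC_HASHES.items() if hashlib.new(a, data).hexdigest() == h)


SAMPLE_EVENTS = [  # constructed telemetry, not events from the sandbox run
    r'event=RegistryValueSet image="C:\Users\victim\AppData\Roaming\updater.exe" target="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater" details="C:\Users\victim\AppData\Roaming\updater.exe"',
    r'event=RegistryValueSet image="C:\Users\victim\AppData\Roaming\updater.exe" target="HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}\StubPath" details="C:\Windows\System32\updater.exe"',
    r'event=FileCreate image="C:\Users\victim\AppData\Roaming\updater.exe" target="C:\Windows\System32\updater.exe"',
    r'event=DnsQuery image="C:\Windows\System32\updater.exe" query="alssm.no-ip.biz"',
    r'event=FileCreate image="C:\Windows\System32\svchost.exe" target="C:\Windows\System32\config\systemprofile\AppData\log.txt"',
    r'event=DnsQuery image="C:\Program Files\Internet Explorer\iexplore.exe" query="www.example.com"',
]

if __name__ == "__main__":
    for i, hits in triage(SAMPLE_EVENTS).items():
        print(i, hits, SAMPLE_EVENTS[i])
```

Running it flags the first four constructed events (Run key write, Active Setup write, System32 drop from a user-profile binary, and the C2 lookup) and leaves the two benign ones alone; `hash_matches` takes raw file bytes and is the piece to run against quarantined files. The System32 rule deliberately ignores writes made by images already under `C:\Windows`, since legitimate servicing constantly writes there.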