General
-
Target
e1279c4e8eafe5c191cf7adcd73bb3c8
-
Size
726KB
-
Sample
240327-jn1h3aag61
-
MD5
e1279c4e8eafe5c191cf7adcd73bb3c8
-
SHA1
72acfe8bd605874a94d20b3c14f82344acbe32e4
-
SHA256
089c759fd8d790be19ddaf0fdb2ab57eb09d5886a0f6a178d681debdae77a561
-
SHA512
bae3e3cb59f15f149ba2f8157853eb4e24ce7a171e30bad8f1d508fe8ae9c04c4f64a2c7fe89392e706b1ead99e05873c3feb9e81c85b545f0853814800a7e79
-
SSDEEP
12288:c4cOMK2D0y4kS1QzEGxbTS2tWqYeFQ7vi7xEE+J6bCkx+xwPaDiTui2m5MkC1hnc:AY2D0yCGxbW2tWqbFP+J6bPOLxm5MDvc
Static task
static1
Behavioral task
behavioral1
Sample
e1279c4e8eafe5c191cf7adcd73bb3c8.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
e1279c4e8eafe5c191cf7adcd73bb3c8.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
franco1.no-ip.org
Targets
-
-
Target
e1279c4e8eafe5c191cf7adcd73bb3c8
-
Size
726KB
-
MD5
e1279c4e8eafe5c191cf7adcd73bb3c8
-
SHA1
72acfe8bd605874a94d20b3c14f82344acbe32e4
-
SHA256
089c759fd8d790be19ddaf0fdb2ab57eb09d5886a0f6a178d681debdae77a561
-
SHA512
bae3e3cb59f15f149ba2f8157853eb4e24ce7a171e30bad8f1d508fe8ae9c04c4f64a2c7fe89392e706b1ead99e05873c3feb9e81c85b545f0853814800a7e79
-
SSDEEP
12288:c4cOMK2D0y4kS1QzEGxbTS2tWqYeFQ7vi7xEE+J6bCkx+xwPaDiTui2m5MkC1hnc:AY2D0yCGxbW2tWqbFP+J6bPOLxm5MDvc
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-