General
Target: e19d71889327306d67795d3a09028b2e
Size: 188KB
Sample: 240327-n5mezsef7z
MD5: e19d71889327306d67795d3a09028b2e
SHA1: d8082f4ee84afae2d377474448ed000a399268df
SHA256: 9226d54108c1d3e1539d0ab34a9785d498b1f35a03d957214d1f0b4873d997ba
SHA512: 427f4d02ce54de7a98003089a1a14d701c771129587e4ec5d2975b41abf7f63dcaa3d1c985f85b00f2c850a0abe5c69897ece72e11858fb834e29f7d6a90d850
SSDEEP: 3072:tHRjk+BeS0lG19lET8Vr8CQwu0hxb7s96HM0XUGXU2Fo21364EoiJeeI+StSqYLW:Hk+BJ0lGwk4CQwJx/AnVW5GJZ2tNYLjy
Static task: static1
Behavioral task: behavioral1
  Sample: e19d71889327306d67795d3a09028b2e.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e19d71889327306d67795d3a09028b2e.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
xtremerat
godfatherbebers.no-ip.biz
Targets
Target: e19d71889327306d67795d3a09028b2e
Detect XtremeRAT payload
XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Suspicious use of SetThreadContext