General
-
Target
e1bb640f0730de9d3c7184a03b54048d
-
Size
292KB
-
Sample
240327-p9p74scf54
-
MD5
e1bb640f0730de9d3c7184a03b54048d
-
SHA1
54304fc92e77c4701d51d32a0f3edf9675c2bf5d
-
SHA256
d5a79352b0109716c34bad9852262f1b793c99dd500bf64671d11fa5bbc8a1f0
-
SHA512
2a6cc270070e3fa176c7aae8b19a27a374d839fbc18e213a8c8d46225bafd22a192a72b9ef3256664c685d68b100e1fd0569718887d2817ddc13a47b48e218e6
-
SSDEEP
6144:1XFjjwgN2WfEjI75nuWDQbjAN2WfEjI75nuWDQbjNziDAQqaZ1xnwU:11jBN7fn5nPmAN7fn5nPmNiDCM
Behavioral task
behavioral1
Sample
e1bb640f0730de9d3c7184a03b54048d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e1bb640f0730de9d3c7184a03b54048d.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
oudy.no-ip.biz
Targets
-
-
Target
e1bb640f0730de9d3c7184a03b54048d
-
Size
292KB
-
MD5
e1bb640f0730de9d3c7184a03b54048d
-
SHA1
54304fc92e77c4701d51d32a0f3edf9675c2bf5d
-
SHA256
d5a79352b0109716c34bad9852262f1b793c99dd500bf64671d11fa5bbc8a1f0
-
SHA512
2a6cc270070e3fa176c7aae8b19a27a374d839fbc18e213a8c8d46225bafd22a192a72b9ef3256664c685d68b100e1fd0569718887d2817ddc13a47b48e218e6
-
SSDEEP
6144:1XFjjwgN2WfEjI75nuWDQbjAN2WfEjI75nuWDQbjNziDAQqaZ1xnwU:11jBN7fn5nPmAN7fn5nPmNiDCM
Score10/10-
Detect XtremeRAT payload
-
Modifies WinLogon for persistence
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-