Overview

overview

10

Static

static

3

VirusShare...04.exe

windows7-x64

10

VirusShare...04.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VirusShare_0c96d62e3e3b0223c6bcab5b6c0dc304

  • Size

    810KB

  • Sample

    240610-qvg4mayakr

  • MD5

    0c96d62e3e3b0223c6bcab5b6c0dc304

  • SHA1

    c00d22b41ccf49fb266dabed707e7c0a5f17fe2f

  • SHA256

    01b340ad5b3fdf3bd074a19074ec6f153057fcb6e5200794bb1919939101a6f2

  • SHA512

    cb292ec2d0747ac79300e52c999af24aedf5220bffafe23929f5e82c2fa2451c36bd0277c8648f7b03b47e979958b6cc68d7496b7fabdcbe60ef9797e7a3eba3

  • SSDEEP

    12288:eUIVSdouDBYZUR9oK5MnyfeXRDtU+YLU3evyo1hn6PL5eWTu3oZ:SsdAZUR9t5MgkhGl4Syon6UWC3oZ

Score
10/10
xtremeratpersistenceratspywareupx

Malware Config

Targets

    • Target

      VirusShare_0c96d62e3e3b0223c6bcab5b6c0dc304

    • Size

      810KB

    • MD5

      0c96d62e3e3b0223c6bcab5b6c0dc304

    • SHA1

      c00d22b41ccf49fb266dabed707e7c0a5f17fe2f

    • SHA256

      01b340ad5b3fdf3bd074a19074ec6f153057fcb6e5200794bb1919939101a6f2

    • SHA512

      cb292ec2d0747ac79300e52c999af24aedf5220bffafe23929f5e82c2fa2451c36bd0277c8648f7b03b47e979958b6cc68d7496b7fabdcbe60ef9797e7a3eba3

    • SSDEEP

      12288:eUIVSdouDBYZUR9oK5MnyfeXRDtU+YLU3evyo1hn6PL5eWTu3oZ:SsdAZUR9t5MgkhGl4Syon6UWC3oZ

    Score
    10/10
    xtremeratpersistenceratspywareupx

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Modifies Installed Components in the registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks