General
-
Target
30cdbdd59960767bc78e08a0f59d7100N.exe
-
Size
64KB
-
Sample
240713-crjldsteng
-
MD5
30cdbdd59960767bc78e08a0f59d7100
-
SHA1
182db1c9e1473121d1fa4468f63dfba735786ba6
-
SHA256
5063e120a317f4fc546b048ddd812da03c633227025faff4756afaa59b3f0cbc
-
SHA512
025f30ad64baa30d1482ffd04bfd83abcb789dd5711c2af52b16c44e5a394eb6fc32b5ce617a26365e04a3def2d63cc6a1652c02bc94067090ce8aff5af80a20
-
SSDEEP
768:rBr+tjFY90iY6W1jwmDzKgEFQXaklMIAn0tYCpP55u/5uizoh:FyRh31jxPEFQXak+05h5u/5uOoh
Behavioral task
behavioral1
Sample
30cdbdd59960767bc78e08a0f59d7100N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
30cdbdd59960767bc78e08a0f59d7100N.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
kingofspeed.no-ip.org
Targets
-
-
Target
30cdbdd59960767bc78e08a0f59d7100N.exe
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Adds Run key to start application
-
Drops file in System32 directory
-