General

Target: b7deb24a21435cf620d3f9dfebad7248f996c6f09944736ce03cc48573a44080
Size: 114KB
Sample: 240721-sdnk7awdmj
MD5: 2aeb5c6cdeac5e650ce0f259f89cd7a8
SHA1: ad8ce777bce79a13bff7cf0fc1618f9ab905a5c7
SHA256: b7deb24a21435cf620d3f9dfebad7248f996c6f09944736ce03cc48573a44080
SHA512: bb7312f86c99f46dcd8a6c6203dff484c0ec06ead5485658c46fb96af23ae129f8f4dfdb946d68f564203d05c1399b10e545ff0a1c706b311bec3eb1d5f7b1d5
SSDEEP: 3072:/sNcJffRuVrtn/WFF3RzMJQ5BWls2aIwAx/iUhKEG7Qr://fgl/2nzMQ/WlsMwANtusr
Static task: static1

Behavioral task: behavioral1
Sample: XTremeRAT_silvia.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: XTremeRAT_silvia.exe
Resource: win10v2004-20240709-en
Malware Config

Targets

Target: XTremeRAT_silvia.exe_ FB6E419E0FD9C2F39BE43BCADBD2879F
Size: 228KB
MD5: fb6e419e0fd9c2f39be43bcadbd2879f
SHA1: a07209729e6f93e80fb116f18f746aad4b7400c5
SHA256: 25d4f6a5ba2e04660e761eb1c5c40fe91b7f2a59aa2bdb8f69bfd7ed78d62d38
SHA512: f3b4d2150f81dc3942f1d5120701f78107a3002dddfd0ab03f4edf5d2f829bc504cc35a01f978fa764b70f12f56eb8f81e9364c9baae5fa3e9944c90d52ed1bd
SSDEEP: 3072:Z4lRkAehGfzmuqTPryFq2TTNTJTCN5gTGhSkT5dgsUGOgkBFVYbsVTHuGETXvOTf:Z4lRkAehaKuqT+FJ85p8mlq0r0ds8
Score: 10/10

Signatures:

- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext