General

  • Target

    19558886810.zip

  • Size

    45KB

  • Sample

    241022-zrnlnswbmj

  • MD5

    568dc4b6080c7292e4a7b9bcd7089b20

  • SHA1

    8856676e5d2c93e49d61aaec2f510a76e9155a62

  • SHA256

    c8a0c1715605c5ef4e499770b896e3249ed45fc93da615942350c292a2c4fb8b

  • SHA512

    7b30d26c3ec96666b3cb6aceb7fca3f3a71ce60a81f754be84529df2667341f435e2c106e2f548d1f7ed88e1b5b6ace711056d8bc261b6ebac79b88a7a3970b6

  • SSDEEP

    768:XdjAkeblWWLY4+Q6/x0pjsPcf7b0JDAv4PoiuX3FdLdTOOQbeZMUwBPZ/DXd:R/OljY4VCx0+E7bADAv4vuXTLVOOSbUc

Malware Config

Targets

    • Target

      7950cad15d37d679765ae2ad609502f0471a5e530f9decd994da8b739c1254be

    • Size

      60KB

    • MD5

      7e9f416689d0a361252b38b6fe132f39

    • SHA1

      f45ab1375e5049bc17573f909991cfbd60e50cc9

    • SHA256

      7950cad15d37d679765ae2ad609502f0471a5e530f9decd994da8b739c1254be

    • SHA512

      658abdff07039af5c4f97c49a5692905393010cbc88d92aca5a79e8ea58b3f4cc9046c5ea832c24ac8904320459c6171a2f98b015676e7d8d92b3a27dbb9eb61

    • SSDEEP

      1536:oIsF0q5yjJq8LkRNiUAm0KPD+AuRDiq4OZZZLlCZibw:otF0qAVLkRNiK0MaRDw8Nb

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks