General

  • Target

    ea3e88838ca7860b5351c334eacf7781ec457ac92c0cce43493a4f9cd4694c42N

  • Size

    21KB

  • Sample

    241108-xh1hrsxeja

  • MD5

    8cb61e22f9379ad22c04322ad8752f80

  • SHA1

    57ab03363cd0d5e93556b8cef8874c8bafb9cae5

  • SHA256

    ea3e88838ca7860b5351c334eacf7781ec457ac92c0cce43493a4f9cd4694c42

  • SHA512

    0becd0baddbd9e1a75e29749a52319b621c40a63443ae0bac801a0e918ae3335de6cd85ee894effd78b5e7097e2b87ad534faeab97e903da8edb962f0ed0fac0

  • SSDEEP

    384:rRIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNl6pQ4sb1CJbh2SVlpLR:tIsF81fG9QveLOYTe5Yi0pQ/18VVVZ

Malware Config

Extracted

Family

xtremerat

C2

ali-hell.zapto.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks