General
Target: b67c521f38fd8e91f15569dcae4ad17b182b96ef0f6a0ed734a291a95d1ce2ff.exe
Size: 64KB
Sample: 250107-g94fqsylgx
MD5: 453440587f5a785862795cf62799a21f
SHA1: 203ee54e6a9fff11e86c77667d3fe53ce59e957f
SHA256: b67c521f38fd8e91f15569dcae4ad17b182b96ef0f6a0ed734a291a95d1ce2ff
SHA512: 69b77526571abb9a28eea3180cece31128c2edc382f03e734b5155e388dd0e468d700dd733556e32b9ff81f57996dc55bf2e1519b2d8c191aceb5b549fd415b8
SSDEEP: 1536:U8+D7t0E0RGnl9T039GLI1niVGRwghzpa9:UfD770wnl9Yr1nthhzy
Static task: static1
Behavioral task: behavioral1
Sample: b67c521f38fd8e91f15569dcae4ad17b182b96ef0f6a0ed734a291a95d1ce2ff.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: b67c521f38fd8e91f15569dcae4ad17b182b96ef0f6a0ed734a291a95d1ce2ff.exe
Size: 64KB
MD5: 453440587f5a785862795cf62799a21f
SHA1: 203ee54e6a9fff11e86c77667d3fe53ce59e957f
SHA256: b67c521f38fd8e91f15569dcae4ad17b182b96ef0f6a0ed734a291a95d1ce2ff
SHA512: 69b77526571abb9a28eea3180cece31128c2edc382f03e734b5155e388dd0e468d700dd733556e32b9ff81f57996dc55bf2e1519b2d8c191aceb5b549fd415b8
SSDEEP: 1536:U8+D7t0E0RGnl9T039GLI1niVGRwghzpa9:UfD770wnl9Yr1nthhzy
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Xtremerat family
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Active Setup: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
Active Setup: 1
Registry Run Keys / Startup Folder: 1