General
-
Target
11e59120875768e8f457a2b0fa07ba49c5d3449aee2e3ec5e9e5dc01717adb6dN.exe
-
Size
21KB
-
Sample
250225-al5wbsxlx5
-
MD5
aef816b43e37ac588845582f8bd1d7c0
-
SHA1
f0a3874c971171743d09da80f47fb233fb50b87f
-
SHA256
11e59120875768e8f457a2b0fa07ba49c5d3449aee2e3ec5e9e5dc01717adb6d
-
SHA512
fa0e9eb93ff29d943fda8c0e70618e041d9b4724185f3bf44827f2b417fcf128fb76b32d56f1182e8e9fdb81981ccc74ac64c9cdf8fda66c0d9022179c7b40e9
-
SSDEEP
384:rYIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNl3pQ4HmZHy/QoyfpLR:UIsF81fG9QveLOYTe5YiRpQbHXb
Behavioral task
behavioral1
Sample
11e59120875768e8f457a2b0fa07ba49c5d3449aee2e3ec5e9e5dc01717adb6dN.exe
Resource
win7-20240903-en
Malware Config
Extracted
xtremerat
John5698.no-ip.info
Targets
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Xtremerat family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-