MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 751ee638a513e32eb5d9c9ce48b7f5dcc9eebab17dd328ba5820bc5813e1f85d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Xtrat


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 751ee638a513e32eb5d9c9ce48b7f5dcc9eebab17dd328ba5820bc5813e1f85d
SHA3-384 hash: 87218092ff601181a5142e40414c0324d2119e27b1022f2fc7613e951cf9525e6665b4b8baf82d4955d9b90986a852ad
SHA1 hash: db5a236ee9abcc089d90e6aef13c8b9d7c3cb677
MD5 hash: c59fe051332fdb1e97e7e804f5bf7823
humanhash: solar-rugby-bacon-snake
File name:751ee638a513e32eb5d9c9ce48b7f5dcc9eebab17dd328ba5820bc5813e1f85d
Download: download sample
Signature Xtrat
Create hunting rule
File size:961'324 bytes
First seen:2020-06-10 12:12:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep 24576:tf7wDf93eeKxs7doDnMmKkUdqeTf8X8R22pQb:tEl1zqnbKTMegMR2GQb
Threatray 42 similar samples on MalwareBazaar
TLSH E91523397314BEEED03D81709AD7B77F26BD8233BBE2F85724484997E4E110A31A6148
Reporter JAMESWT_WT
Tags:Xtrat

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.EXE.Obfus-4.UNOFFICIAL
Create hunting rule

Win.Malware.Zusy-6622765-0
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.XtremeRAT
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 07:29:13 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
31 of 31 (100.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oupomoffcprs5nozzhhern7v3te65ovrpxjsrosyec6fqe7b7boq._file
Verdict:
malicious
Similar samples:
07cd5128e0d8dba2bf9917891e8e4d3685b58a09df51101a872ebf41a7043418
Xtrat
0bda455745bf357aceefb490c19c47e70b7e65ea11fd9352200f98e795c8cbdc
Xtrat
6b9d9ef4e25d596f922c55d1f210da67cb125034d62c8e639c1f44258dfb4ede
Xtrat
7b3038c1373ca79b19dc5789778a1a0cf38d49a0fcda94d9288be6f648d9d269
Xtrat
8b9168d5ab359866b52639ef7dc5f25a8154707569bd1cb0fa9200a2293cbefe
Xtrat
9d85a0de0623aa8d4a2b1c5887cc18a77c9482115acb71a12b7a54fe186c5484
Xtrat
bea7862dffe387d422fb7f11c92989064c6b396ca9ef5687fa28262e2de83e2d
Xtrat
c121b14316a1f7976c4337f37c29acd3a1efeff592617736b1ae1e6d3bf04b09
Xtrat
c8b1cce5ae65d68b7ca2a419b1499d7bec6e4e3d1e04d3e3f040eeaeb6080146
Xtrat
dec8034e880b3ea1bdbc16f358c8fdfecf119d6159d7dcce065ecb173697dbf4
Xtrat
+ 32 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion upx
Link:
https://tria.ge/reports/201109-dev6phhchx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Drops startup file
Identifies Wine through registry keys
UPX packed file
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Xtreme_Sep17_2
Create hunting rule
Author:Florian Roth
Description:Detects XTREME sample analyzed in September 2017
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments