Backdoor XtremeRAT

#6455 by markusg
Sat May 21, 2011 10:29 am

multi antivirur 2011.exe
http://www.virustotal.com/file-scan/rep ... 1305973611

Attachments

multi antivirur 2011.rar

(386.19 KiB) Downloaded 112 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/Not classified

#6457 by markusg
Sat May 21, 2011 11:29 am

s.exe
http://www.virustotal.com/file-scan/rep ... 1305974483

Attachments

s.rar

(157.84 KiB) Downloaded 83 times

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/MSIL-BA

#6458 by EP_X0FF
Sat May 21, 2011 11:48 am

lol

This application was obfuscated using a trial version of CodeFort.
It is strictly forbidden to publish this obfuscated application in any form.
See more at www.codefort.org

And then (when it spawns second (deobfuscated) copy):

This assembly is protected by an unregistered version of Eziriz's ".NET Reactor"

And then it's XtremeRAT written on Delphi and packed by UPX.

hxxp://sites.google.com/site/nxtremerat/home/

C:\Users\Rafael\Desktop\Xtreme RAT Unicode\Servidor\Indy10\System\IdStreamVCL.pas
C:\Users\Rafael\Desktop\Xtreme RAT Unicode\Servidor\Indy10\System\IdGlobal.pas
C:\Users\Rafael\Desktop\Xtreme RAT Unicode\Servidor\Indy10\System\IdStack.pas
C:\Users\Rafael\Desktop\Xtreme RAT Unicode\Servidor\Indy10\Core\IdIOHandler.pas

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Backdoor XtremeRAT

#6459 by markusg
Sat May 21, 2011 12:05 pm

found yesterday some similar, but this one was not working in my sandboxie.

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Malware/Not classified

#6461 by EP_X0FF
Sat May 21, 2011 1:20 pm

markusg wrote:s.exe
http://www.virustotal.com/file-scan/rep ... 1305974483

This time protected by simple VB crypter.
Same XtremeRAT with USB autorunner option embedded.

Posts moved.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Backdoor XtremeRAT

#19085 by rkhunter
Fri Apr 26, 2013 8:21 am

Xtrat (Backdoor:Win32/Xtrat.B, W32.Extrat)

https://www.virustotal.com/en/file/af17 ... /analysis/

Attachments

235adfcc81bc3859f2a5a21c148d1cf6.zip

pass:infected
(348.16 KiB) Downloaded 71 times

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Backdoor XtremeRAT

#19165 by EX!
Thu May 02, 2013 6:40 pm

XremeRat found in Argentina.
C&C black100.no-ip.biz
https://www.virustotal.com/es-ar/file/8 ... 367511564/

no unpacked... :(

Attachments

xtremerat.zip

password = infected
(117.03 KiB) Downloaded 69 times

Username

EX!

Posts

35

Joined

Wed Jun 29, 2011 8:24 pm

Contact

Re: Backdoor XtremeRAT

#19173 by EX!
Fri May 03, 2013 12:00 am

Another XtremeRat from Argentina.

https://www.virustotal.com/es/file/c43b ... /analysis/

original + dump

Attachments

IMG-20120911.rar

password = infected
(318.32 KiB) Downloaded 73 times

Username

EX!

Posts

35

Joined

Wed Jun 29, 2011 8:24 pm

Contact

Re: Backdoor XtremeRAT

#19226 by EX!
Wed May 08, 2013 5:07 pm

Link of Source code in attach. :mrgreen:

Attachments

readmeXR.txt

(1.59 KiB) Downloaded 64 times

Username

EX!

Posts

35

Joined

Wed Jun 29, 2011 8:24 pm

Contact