General

  • Target

    01b90464c4c6df17e6d5f0d468eb05261507204faa2993137e0639cbf2822216

  • Size

    366KB

  • Sample

    220523-wx3q1adgfp

  • MD5

    58ab608bd203846607e6fe52381dad9d

  • SHA1

    e861165ddc44b91b5697dbebdabfea0db3c4aa0e

  • SHA256

    01b90464c4c6df17e6d5f0d468eb05261507204faa2993137e0639cbf2822216

  • SHA512

    1f28e5d8c396f60aed3a4c087776db7d6c1d23578c70deb3edd19a044ee498e4fee54d59d6232b0362a5cef9a6209122fb1c5065cc1c80f87cede2e96a28c853

Targets

    • Detect XtremeRAT Payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Bootkit (1) T1067

  • Discovery

    System Information Discovery (1) T1082