Overview

overview

10

Static

static

45b2938ed3...14.exe

windows7-x64

10

45b2938ed3...14.exe

windows10-2004-x64

10

Resubmissions

11-08-2022 15:42

220811-s5qvmahafr 10

07-07-2022 11:06

220707-m7m9magch5 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45b2938ed3ae72cc8079d9730fa948c7919500da3bf52b7385f8725c72c18d14

  • Size

    136KB

  • Sample

    220811-s5qvmahafr

  • MD5

    0c8d4181cfb8a34505b231c7d0fdc401

  • SHA1

    ab6d29707a9121b2267d213cec0edbf0d9f896f1

  • SHA256

    45b2938ed3ae72cc8079d9730fa948c7919500da3bf52b7385f8725c72c18d14

  • SHA512

    d7f8e2a6d01f48f8591cbc297f1906416b810aa730e66c7618c9ab6d8e7ed1a68935bf38984b392c211a9d1186e1e8ba9f68ed7370f88b11b5568285adbb1a86

Score
10/10
xtremeratpersistenceratspyware

Malware Config

Extracted

Family

xtremerat

C2

no-hack.zapto.org

np.camfrog-ir.zapto.org

camfrog-2r9.zapto.org

Targets

    • Target

      45b2938ed3ae72cc8079d9730fa948c7919500da3bf52b7385f8725c72c18d14

    • Size

      136KB

    • MD5

      0c8d4181cfb8a34505b231c7d0fdc401

    • SHA1

      ab6d29707a9121b2267d213cec0edbf0d9f896f1

    • SHA256

      45b2938ed3ae72cc8079d9730fa948c7919500da3bf52b7385f8725c72c18d14

    • SHA512

      d7f8e2a6d01f48f8591cbc297f1906416b810aa730e66c7618c9ab6d8e7ed1a68935bf38984b392c211a9d1186e1e8ba9f68ed7370f88b11b5568285adbb1a86

    Score
    10/10
    xtremeratpersistenceratspyware

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Modifies Installed Components in the registry

      persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks