General

  • Target

    7dae300e7940ce26176b822bd380c4f26e82572604679eb62370dde67f3e46af

  • Size

    501KB

  • Sample

    221122-3lbayagd6x

  • MD5

    c23cf59cc8faa96fa1eccd9b5889de59

  • SHA1

    f9c9ab50a19ad0063ee16d9923d2b22131f30e0d

  • SHA256

    7dae300e7940ce26176b822bd380c4f26e82572604679eb62370dde67f3e46af

  • SHA512

    cb8e1a5580ea853364d9eea1f7f0264ad7b09d0bb2669ddb2fadd8c717720e87112cd02067da03b54301864e318ebd335fcafea3a243d007b3bae77191ce28bc

  • SSDEEP

    12288:LDN7uOZtbgbhT9z5LcdEKdWvuPmj3CAqaFD88:3sOZt0bhfLcZIuP83pqaV88

Malware Config

Targets

    • Target

      7dae300e7940ce26176b822bd380c4f26e82572604679eb62370dde67f3e46af

    • Size

      501KB

    • MD5

      c23cf59cc8faa96fa1eccd9b5889de59

    • SHA1

      f9c9ab50a19ad0063ee16d9923d2b22131f30e0d

    • SHA256

      7dae300e7940ce26176b822bd380c4f26e82572604679eb62370dde67f3e46af

    • SHA512

      cb8e1a5580ea853364d9eea1f7f0264ad7b09d0bb2669ddb2fadd8c717720e87112cd02067da03b54301864e318ebd335fcafea3a243d007b3bae77191ce28bc

    • SSDEEP

      12288:LDN7uOZtbgbhT9z5LcdEKdWvuPmj3CAqaFD88:3sOZt0bhfLcZIuP83pqaV88

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (e.g. by UPX section names or the UPX marker in the file).

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
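
The "UPX packed file" signature above is a static check on the PE section table. The following is an added example, written for this page rather than taken from the sandbox or the sample: a minimal hand-rolled PE section-table parser that flags the stock UPX section names (UPX0/UPX1/UPX2), the characteristic empty first section that the stub unpacks into at runtime, and the literal "UPX!" marker. The two PE images it runs on are constructed inline and are not real samples; the helper names are this example's own.

```python
import struct

# Section names that stock UPX writes into the section table (assumption: a
# modified UPX may rename these, which is why two further heuristics are used).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes):
    """Yield (name, virtual_size, raw_size) for every section of a PE image.

    Walks DOS header -> e_lfanew -> "PE\\0\\0" -> COFF header -> optional
    header -> section table, using only the fixed offsets from the PE spec.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size          # COFF header is 20 bytes
    for i in range(num_sections):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + i * 40)
        yield name.rstrip(b"\0"), vsize, rsize


def upx_indicators(data: bytes) -> dict:
    """Collect the three static UPX indicators from a PE image."""
    names, empty_first = [], False
    for idx, (name, vsize, rsize) in enumerate(pe_sections(data)):
        names.append(name)
        # UPX0 has no raw data on disk but a large virtual size: the stub
        # decompresses the original image into it at runtime.
        if idx == 0 and rsize == 0 and vsize > 0:
            empty_first = True
    return {
        "upx_names": sorted(n for n in names if n in UPX_SECTION_NAMES),
        "empty_first_section": empty_first,
        "upx_marker": b"UPX!" in data,
    }


def is_probably_upx(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_names"]) or ind["upx_marker"] or ind["empty_first_section"]


def build_pe(section_specs, trailer=b""):
    """Constructed minimal PE32 image for testing (not a real binary):
    DOS header, PE signature, COFF header, 224-byte optional header,
    the given section table, then an optional trailer."""
    opt_size = 224
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)        # PE32 magic
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, rsize, raw_ptr,
                    0, 0, 0, 0, 0x60000020)
        for name, vsize, vaddr, rsize, raw_ptr in section_specs
    )
    return dos + b"PE\0\0" + coff + opt + sections + trailer


# Constructed sample inputs: a UPX-style layout and a normal compiler layout.
UPX_SAMPLE = build_pe(
    [(b"UPX0", 0x30000, 0x1000, 0, 0),
     (b"UPX1", 0x10000, 0x31000, 0xF000, 0x400),
     (b".rsrc", 0x1000, 0x41000, 0x800, 0xF400)],
    trailer=b"\0" * 16 + b"UPX!" + b"\0" * 16,
)
PLAIN_SAMPLE = build_pe(
    [(b".text", 0x5000, 0x1000, 0x5000, 0x400),
     (b".data", 0x1000, 0x6000, 0x200, 0x5400)]
)

if __name__ == "__main__":
    for label, blob in (("upx", UPX_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, is_probably_upx(blob), upx_indicators(blob))
```

The three indicators are deliberately independent: a modified UPX build commonly renames UPX0/UPX1 or strips the "UPX!" marker, but it still needs a zero-raw-size first section to unpack into, so the section-shape heuristic survives that evasion. On a real file the static check only tells you the sample is packed; the original image still has to be recovered (for example by `upx -d` on stock UPX, or by dumping memory after the stub has run) before the XtremeRAT indicators are visible.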

MITRE ATT&CK Enterprise v6

Tasks