General

  • Target: dacc9de494f7f8eac735092e7267225131e1f8e15fa8dab5c612e3b5badf2daa
  • Size: 284KB
  • Sample: 221122-3lxtyagd8w
  • MD5: c8749406aab80718b4f048bb00107c71
  • SHA1: da6cf5efa205495c5c0774586df9ccadff196940
  • SHA256: dacc9de494f7f8eac735092e7267225131e1f8e15fa8dab5c612e3b5badf2daa
  • SHA512: c115de8bacd7490a1256109d498dc6687549dfa42b590fc9931c2aa23d5b7c658f180a63fc46d0be4c142cbe25b29de0b0e34c7c3b65bd90b1d7fdfb0430b075
  • SSDEEP: 6144:JzlQUFo0qQYYs+Mh40eniBpuBDjt9FX6M7Zud:5lQUF9pYX4nou1tD6Mm

Malware Config

Extracted

  • Family: xtremerat
  • C2: amhi.no-ip.info

Targets

    • Target: dacc9de494f7f8eac735092e7267225131e1f8e15fa8dab5c612e3b5badf2daa
    • Size: 284KB
    • MD5: c8749406aab80718b4f048bb00107c71
    • SHA1: da6cf5efa205495c5c0774586df9ccadff196940
    • SHA256: dacc9de494f7f8eac735092e7267225131e1f8e15fa8dab5c612e3b5badf2daa
    • SHA512: c115de8bacd7490a1256109d498dc6687549dfa42b590fc9931c2aa23d5b7c658f180a63fc46d0be4c142cbe25b29de0b0e34c7c3b65bd90b1d7fdfb0430b075
    • SSDEEP: 6144:JzlQUFo0qQYYs+Mh40eniBpuBDjt9FX6M7Zud:5lQUF9pYX4nou1tD6Mm

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks