General

  • Target

    57637568b15294ca9adf7f6a1ea50dc6d9859a49a2bfda29c94dfea6665da0c8

  • Size

    332KB

  • Sample

    221122-y14tksbb41

  • MD5

    d24c33ee501e9394725566229756f913

  • SHA1

    ddad292f6d278bd7abcec49104a7876ba7d61aff

  • SHA256

    57637568b15294ca9adf7f6a1ea50dc6d9859a49a2bfda29c94dfea6665da0c8

  • SHA512

    e6936285b425cbbbb1394cec9aa6f3904c026008122e139b916b6793e086483b1f3d119a7e8bd95653fe5b0f33ddf27fc76ac0fe029768c5be89d9537d72cc73

  • SSDEEP

    6144:nG/A6lH4tKDOzrEEEkO0S9VVV5EXndwZObHx0hYm6d8:nGI1tKAEEEBVVV5ENtriavd8

Malware Config

Extracted

Family

xtremerat

C2

tron.3d-game.com

Targets

    • Target

      57637568b15294ca9adf7f6a1ea50dc6d9859a49a2bfda29c94dfea6665da0c8

    • Size

      332KB

    • MD5

      d24c33ee501e9394725566229756f913

    • SHA1

      ddad292f6d278bd7abcec49104a7876ba7d61aff

    • SHA256

      57637568b15294ca9adf7f6a1ea50dc6d9859a49a2bfda29c94dfea6665da0c8

    • SHA512

      e6936285b425cbbbb1394cec9aa6f3904c026008122e139b916b6793e086483b1f3d119a7e8bd95653fe5b0f33ddf27fc76ac0fe029768c5be89d9537d72cc73

    • SSDEEP

      6144:nG/A6lH4tKDOzrEEEkO0S9VVV5EXndwZObHx0hYm6d8:nGI1tKAEEEBVVV5ENtriavd8

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

      Persistence through a registry ...\CurrentVersion\Run entry, so the payload is launched again at logon.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context with SetThreadContext is a hallmark of process hollowing and other thread-hijacking injection techniques.

MITRE ATT&CK Enterprise v6

Tasks