General

  • Target

    eafede8acf1c02f1703d38ca487dceebf2ef4ec191f7b9a2930aa3b736b0d3dc

  • Size

    186KB

  • Sample

    221122-y19d3aff98

  • MD5

    dd9ffd7025bb201c3fbc6cdb15c18f94

  • SHA1

    df60cd3f203b76506b1779013ed8672c6f5896ed

  • SHA256

    eafede8acf1c02f1703d38ca487dceebf2ef4ec191f7b9a2930aa3b736b0d3dc

  • SHA512

    083938429d2db765b4abdb1ec2d91157d02c9ec3015c3861238100b491bf90fe5d046cd7cb76dffed43c1b95191a8da976c14d3edc1327486f0c8c392df6b4d4

  • SSDEEP

    3072:zoPvSnmfKnUpE4iaiZloxJKjeXXfKlR7Yh+DJ8I9:E32mpvOWxJKjenf68YJl9

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Deletes itself

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks