General

  • Target

    8e713951bf6e96ec42039da5466b865731cacc52a4265773ba68d25fe26621a9

  • Size

    45KB

  • Sample

    221122-y1akqsbb2x

  • MD5

    36210ddf15588f34f84eda662ebf7948

  • SHA1

    32b34e6e888c047df8aa7bba87441f33664800de

  • SHA256

    8e713951bf6e96ec42039da5466b865731cacc52a4265773ba68d25fe26621a9

  • SHA512

    11f05b7d078163559c455d4eca282c86215aef1cf5211d25d6a94a01183b22a59a081fccdcca45907e258f7650b24fb01679b9062437c429dc88dbc2b2377a12

  • SSDEEP

    768:9Br+tjFY90iY6W1jwmDzKgEFQXaklMIAnH8hwfOgw0c5zoA:jyRh31jxPEFQXak+H84booA

Malware Config

Extracted

Family

xtremerat

C2

systeam.ddns.net

Targets

    • Target

      8e713951bf6e96ec42039da5466b865731cacc52a4265773ba68d25fe26621a9


    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks