General

  • Target

    34468406b718a48f47b6d25c2c5249385ef9d3910c2be3185cc5a100dc7fb690

  • Size

    214KB

  • Sample

    221122-y1bsssff64

  • MD5

    21704222153c2c761ca70239fced9b10

  • SHA1

    b1a426f0a3d4ce2f01f849a815aa139b5368f47c

  • SHA256

    34468406b718a48f47b6d25c2c5249385ef9d3910c2be3185cc5a100dc7fb690

  • SHA512

    da1ce3ecdaafef72eaacc3e26b9bd28c95e55e0c12a40bca39f92b45bd1646ab68bd118a04901841c79ee358df89ec536daf63779a30e32893f8e7ba34e3285c

  • SSDEEP

    3072:byRhFjcaraBIpPQMPozgEAQIIOVraBIpPQMPozgEAQIIOIoy:uXFjcaraBCDorABVraBCDorABIh

Malware Config

Extracted

Family

xtremerat

C2

oudy.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • Modifies WinLogon for persistence

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks