General

  • Target

    06f37e158b39bcb7ce9c4836890c2555d330f73010ec98abeec60c72db7322fa

  • Size

    366KB

  • Sample

    221122-y1cebsbb2y

  • MD5

    82d7eb3b4c8b65f5a44ee29f227155a5

  • SHA1

    c9daaf77168b664fcd2945c84f3b1fc583fcfdf2

  • SHA256

    06f37e158b39bcb7ce9c4836890c2555d330f73010ec98abeec60c72db7322fa

  • SHA512

    aebfcb84612a377c200182d4f5f2d896012533eebd7fb5b57b33b1ba66bdc37a198071d125d9a336e5e7be13204ce1687a97f02fe92592c11f8cff560ec00cef

  • SSDEEP

    3072:fyRhFjcrBi3VjbYd8MUhYYYVYhYYYO7cdmuGehBi3VjbYd8MUhYYYVYhYYYO7cdH:aXFjcwJ9MUsdiJ9MUsdt/

Malware Config

Extracted

Family

xtremerat

C2

oudy.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • Modifies WinLogon for persistence

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks