General

  • Target

    cfbefb57bb4e24713bb16e7bfdc88ed59573182ed17fe4523297a712098f8fb8

  • Size

    33KB

  • Sample

    221122-y1d8xsff67

  • MD5

    85f675e475ceb5bd41a24413bf129e24

  • SHA1

    a85e020d3d58655014383088d7e1a7ca90ee1e1d

  • SHA256

    cfbefb57bb4e24713bb16e7bfdc88ed59573182ed17fe4523297a712098f8fb8

  • SHA512

    55ab9ef81b613d00a1ae0fc753ad14f5cbd030197bbf37eedb851e72600e8f5ece438cd8c68941a2d7cbd97321e73a052b5774bae7676ffc486888700f877502

  • SSDEEP

    768:x6/c+NOReJEYplygiOw1QbH9HW0gndaK7D:x6/hNYeJtkgiGdHwE

Malware Config

Extracted

Family

xtremerat

C2

systeam.ddns.net

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks