General

  • Target

    c77e202f32519c7508864e2f0a1f264e82217340f5bec85fc75636428e3761e5

  • Size

    369KB

  • Sample

    221122-y1e58aff69

  • MD5

    6f416ed0628cc10546bcb22a4332a296

  • SHA1

    731388e80720c74a11e08d4a7870f8c96fec0342

  • SHA256

    c77e202f32519c7508864e2f0a1f264e82217340f5bec85fc75636428e3761e5

  • SHA512

    ea29d1b3cd7aefdb580d917b5ea041de5815b39ded33d57bd524dfd9ed17589ebd183e9e114411a91ffa03aaf0dc1123ac329bde77640cbc17ad519d7d0bcc58

  • SSDEEP

    3072:EXY8/gRkIgsmQOWjXNLFgdBCqsGxxeq/qU7raAkFksaME/GSpnIgGbswpJoNIQze:O8gQbNLknIgK54IQzeeeL4/X

Malware Config

Extracted

Family

xtremerat

C2

oudy.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • Modifies WinLogon for persistence

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks