General

  • Target

    7c0658a458706e4d87cbded04d297689a5cd0a380355cb80f22dac848c3898b6

  • Size

    21KB

  • Sample

    221122-y1gdaabb21

  • MD5

    cc26ec374fa2236be0ffbc38cf4cc81d

  • SHA1

    053ba01443cd4cb6d5c095ba81a0b1f4f46f6b24

  • SHA256

    7c0658a458706e4d87cbded04d297689a5cd0a380355cb80f22dac848c3898b6

  • SHA512

    1b745f9b2645631cfe3ad3cf1c6defd0f9f5282cf6d37c7494a133b341b749563b2bd3ccd332a86c3ad794e25e7836b64ff16848de5a8a20b79f98479f102e96

  • SSDEEP

    384:iIdmF+TH95xJMu/0PlxjV8BINhuLJ37tMOpuqqz3KK7eIVm0P0WbffV8lIpLR:iIsF8HdbKjV8BX7Vy6K7eIVRPJlZ

Malware Config

Extracted

Family

xtremerat

C2

nensmile96.zapto.org

Targets

    • Target

      7c0658a458706e4d87cbded04d297689a5cd0a380355cb80f22dac848c3898b6

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application
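
The report above gives three things a responder can act on directly: the file hashes, the extracted C2 hostname, and the observation that the sample is UPX-packed. The script below is an added example, not part of the sandbox report or of any Triage tooling. It hashes a file and compares it against the IOCs listed on this page, scans a memory dump or captured payload for the C2 hostname (the XtremeRAT configuration is not stored in cleartext inside the packed binary, so the hostname search is meant for dumps and traffic, not the file on disk), and reads the PE section table to flag the UPX0/UPX1 section names that stock UPX leaves behind. The section-name check is a weak heuristic (a modified UPX build can rename sections), which is why the sandbox signature is worded as it is. The `build_minimal_pe` helper constructs a throwaway header-only PE so the parser can be exercised offline; it is not a runnable executable and not the sample.

```python
import hashlib
import struct

# IOCs copied from the report above (sample 221122-y1gdaabb21).
IOC_HASHES = {
    "md5": "cc26ec374fa2236be0ffbc38cf4cc81d",
    "sha1": "053ba01443cd4cb6d5c095ba81a0b1f4f46f6b24",
    "sha256": "7c0658a458706e4d87cbded04d297689a5cd0a380355cb80f22dac848c3898b6",
}
IOC_C2_DOMAINS = {"nensmile96.zapto.org"}


def hash_bytes(data: bytes) -> dict:
    """Return hex digests for the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_ioc(data: bytes) -> set:
    """Names of the algorithms whose digest of `data` equals a report IOC."""
    digests = hash_bytes(data)
    return {alg for alg, h in IOC_HASHES.items() if digests[alg] == h}


def c2_domains_in(data: bytes) -> set:
    """Report C2 hostnames present in `data` (ASCII or UTF-16LE, case-insensitive).
    Intended for memory dumps and captured traffic; the packed file itself
    carries its configuration encrypted."""
    lowered = data.lower()
    return {d for d in IOC_C2_DOMAINS
            if d.encode() in lowered or d.encode("utf-16-le") in lowered}


def pe_section_names(data: bytes) -> list:
    """Parse the COFF section table of a PE image and return its section names.
    Returns [] for anything that is not a well-formed PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]     # COFF +2
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]        # COFF +16
    table = e_lfanew + 24 + opt_size        # 4-byte signature + 20-byte COFF header + optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\x00").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: stock UPX names its sections UPX0/UPX1 (UPX2 for resources).
    A modified UPX build may rename them, so a False here is not proof of an unpacked file."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_minimal_pe(section_names: list) -> bytes:
    """Constructed test fixture: a DOS stub, PE signature, COFF header with no
    optional header, and one empty section header per name. Not executable."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    # Machine=i386, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols, SizeOfOptionalHeader=0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(name.ljust(8, b"\x00") + b"\x00" * 32 for name in section_names)
    return dos + b"PE\x00\x00" + coff + sections


if __name__ == "__main__":
    import sys
    # Usage: python ioc_check.py <file-or-dump> ; without an argument, run on the constructed fixture.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("hash matches  :", sorted(matches_ioc(blob)) or "none")
    print("C2 hostnames  :", sorted(c2_domains_in(blob)) or "none")
    print("sections      :", pe_section_names(blob))
    print("UPX heuristic :", looks_upx_packed(blob))
```

Run it against a suspect file to check the hashes and section names, and against a process memory dump or a carved HTTP/TCP payload to look for the C2 hostname; a hash match is definitive for this exact sample, while the section-name and hostname checks are indicators that still need corroboration.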

MITRE ATT&CK Enterprise v6

Tasks