General

  • Target

    117b9947e15345993b9fcf22de7f79264f1f4d67bcd567355a75324471e4e808

  • Size

    129KB

  • Sample

    221122-y1gztaff73

  • MD5

    d9c503eb7498a6299be20e0acc6aa398

  • SHA1

    f73b5685baa6107722e4c8d27aa1db67987d3920

  • SHA256

    117b9947e15345993b9fcf22de7f79264f1f4d67bcd567355a75324471e4e808

  • SHA512

    432e26037ee998166c068dc14a7cef52256689a244659b772a0ba262153d9fc3b47c314737488d10793358d9f136dd329fc03b08f785ab0216059a6861c42f89

  • SSDEEP

    3072:qtF5CpZX9I59eHG3vbpv5GWl+raBIpPQMPoBgEAQIIX:qrMpdesovbXOraBCDoxAE

Malware Config

Extracted

Family

xtremerat

C2

oudy.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • Modifies WinLogon for persistence

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX variant (renamed sections or stripped markers).

    • Adds Run key to start application
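The four persistence signatures above (Winlogon, Run key, policy Run key, Installed Components) all come down to string values in a handful of registry locations. The following Python script is an added example, not part of the sandbox report and not the sample's own code: it parses a .reg export of those locations and reports every entry that does not match the stock value, flagging commands that point into user-writable directories. The registry text, the value names and the path C:\Users\victim\AppData\Roaming\updater.exe are constructed for illustration and are not artifacts from this sample.

```python
import re

# Persistence locations named by the report's signatures, with the label we assign to each.
WATCHED = [
    ("Winlogon helper", r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$"),
    ("Run key", r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$"),
    ("Policy Run key", r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run$"),
    ("Active Setup Installed Components", r"\\Microsoft\\Active Setup\\Installed Components\\[^\\]+$"),
]

# Stock values for the Winlogon entries malware likes to append to; anything else is a finding.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,", r"c:\windows\system32\userinit.exe"},
}

# Directory fragments a persistence command should not normally live under.
USER_WRITABLE = (r"\appdata\", r"\temp\", r"\programdata\", r"\users\public\", r"\downloads\")


def _unescape(s):
    # .reg files escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse a .reg export into {key: {value_name: data}}.

    Only REG_SZ string values are kept; hex(...)/dword entries are skipped,
    so REG_EXPAND_SZ values exported as hex(2) would need extra handling.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            if not data.startswith('"'):
                continue
            name = "(Default)" if name == "@" else name.strip('"')
            keys[current][name] = _unescape(data.strip('"'))
    return keys


def looks_user_writable(command):
    lowered = command.lower()
    return any(frag in lowered for frag in USER_WRITABLE)


def find_persistence(reg_text):
    """Return one finding per non-default entry in a watched persistence location."""
    findings = []
    for key, values in parse_reg(reg_text).items():
        label = next((lbl for lbl, pat in WATCHED if re.search(pat, key, re.IGNORECASE)), None)
        if label is None:
            continue
        for name, data in values.items():
            if label == "Winlogon helper":
                expected = WINLOGON_DEFAULTS.get(name.lower())
                # Unrelated Winlogon values, or the stock value, are not findings.
                if expected is None or data.strip().lower() in expected:
                    continue
            if label == "Active Setup Installed Components" and name.lower() != "stubpath":
                continue  # only StubPath executes at logon
            findings.append({"technique": label, "key": key, "name": name,
                             "value": data, "suspicious": looks_user_writable(data)})
    return findings


# Constructed sample export: one benign Run entry plus entries mimicking the report's four techniques.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\victim\\AppData\\Roaming\\updater.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}]
"StubPath"="C:\\Users\\victim\\AppData\\Roaming\\updater.exe restart"
"Version"="1"
'''

if __name__ == "__main__":
    for f in find_persistence(SAMPLE_REG):
        flag = "SUSPICIOUS" if f["suspicious"] else "review"
        print(f"[{flag}] {f['technique']}: {f['key']}\\{f['name']} = {f['value']}")
```

Run it against an export taken with reg export of the watched hives from a suspect host. A Shell value that reads "explorer.exe,<path>" is the Winlogon technique the report flags: Windows launches every comma-separated entry, so the extra program starts with the shell. Legitimate Active Setup StubPath entries from Microsoft normally live under system directories, so the user-writable heuristic separates them from a dropped payload.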
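The "UPX packed file" signature distinguishes stock UPX from a modified build. The Python below is an added example, not the sandbox's detection rule and not code from the report: it walks the PE headers to the section table and combines three indicators, the UPX0/UPX1 section names, the "UPX!" marker string, and the zero-raw-size first section that stock UPX uses as its decompression destination. The PE images it builds are minimal constructed inputs for the test, not bytes from this sample, and the indicator weighting is this example's own choice.

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3", ".UPX0", ".UPX1"}


def parse_sections(data):
    """Return [(name, SizeOfRawData), ...] from a PE image, walking MZ -> e_lfanew -> COFF -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsec, = struct.unpack_from("<H", data, coff + 2)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, coff + 16)   # SizeOfOptionalHeader
    table = coff + 20 + opt_size                            # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsec):
        off = table + i * 40
        if off + 40 > len(data):
            break  # truncated table: stop rather than read garbage
        name = data[off:off + 8].rstrip(b"\x00").decode("ascii", "replace")
        raw_size, = struct.unpack_from("<I", data, off + 16)  # SizeOfRawData
        sections.append((name, raw_size))
    return sections


def classify_packer(data):
    """Combine UPX indicators into a verdict: upx, modified-upx, suspicious-layout or none."""
    secs = parse_sections(data)
    named = [n for n, _ in secs if n in UPX_SECTION_NAMES]
    magic = b"UPX!" in data   # naive whole-file search; a string match, not a parsed l_info header
    empty_first = len(secs) >= 2 and secs[0][1] == 0 and secs[1][1] > 0
    if named and magic:
        verdict = "upx"
    elif named or magic:
        verdict = "modified-upx"       # one marker renamed or stripped, the other left behind
    elif empty_first:
        verdict = "suspicious-layout"  # UPX-like layout with every name and marker scrubbed
    else:
        verdict = "none"
    return {"sections": secs, "upx_sections": named, "upx_magic": magic,
            "empty_first_section": empty_first, "verdict": verdict}


def build_pe(sections, tail=b""):
    """Construct a minimal PE32 image with the given (name, SizeOfRawData) sections (test input, not a real binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    table = b""
    for name, raw_size in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, then 16 bytes of remaining fields
        table += name.encode().ljust(8, b"\x00") + struct.pack("<IIII", 0x1000, 0x1000, raw_size, 0x400) + b"\x00" * 16
    return dos + b"PE\x00\x00" + coff + opt + table + tail


if __name__ == "__main__":
    stock = build_pe([("UPX0", 0), ("UPX1", 0x5000), (".rsrc", 0x800)], tail=b"UPX!")
    renamed = build_pe([(".text", 0), (".data", 0x5000), (".rsrc", 0x800)], tail=b"UPX!")
    for label, image in (("stock", stock), ("renamed sections", renamed)):
        print(label, classify_packer(image)["verdict"])
```

To use it on a real file, pass open(path, "rb").read() to classify_packer. Section names are the weakest indicator, since a modified UPX build renames them with a one-line patch; the marker string and the empty first section survive more often, which is why the report's signature covers modified variants as well.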

MITRE ATT&CK Enterprise v6