General

  • Target

    6c0ab4d10fd8ffa56522e328f91155e394948bddebed777b4e1f3812dc94ecdd

  • Size

    192KB

  • Sample

    221122-y1j46sbb3v

  • MD5

    cc9b73a49c606d42b6bbe622e42ae808

  • SHA1

    b16d29137f5ab35b362cd0dfd3c0569b653363fb

  • SHA256

    6c0ab4d10fd8ffa56522e328f91155e394948bddebed777b4e1f3812dc94ecdd

  • SHA512

    0ab1567b7c0850a5391b6ace6e438daab51fcbb1b161c5c74d2fe1f1cc9582b64f60767331f3bc28b633ccec9a66edd7aba71ee83fe446d63f33a367981ba2aa

  • SSDEEP

    3072:EZdpfSsrUs4uWo1C8fIQbSJWirMkRer4Jr4eqHfCkrZZ3F+aVE9g:EzpfSsrUs45Qb+WIaQrmHfCoZsaA

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    volkov2014.ddns.net

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks