General

  • Target

    757f07a92c2575083465397f3deae51f1076e046c788ac511f36f18b56190b13

  • Size

    19.0MB

  • Sample

    221122-zjcjfabg9x

  • MD5

    cb048b97fcf53ee570d48ee1c45add87

  • SHA1

    f44c8962aaf0f12f9655137c1b8e22dcf7237128

  • SHA256

    757f07a92c2575083465397f3deae51f1076e046c788ac511f36f18b56190b13

  • SHA512

    2efc2a73bdd4aacfdd4d8cd75bb1ddcacc27768b96a6561988f36fbdbcc02b6b2cbc834e86c2c7139f38c0ecbae826dd4e96d229534d82d0b23f7f2367a78df5

  • SSDEEP

    3072:iExBEUC/nfj/FwAfFP5RPvaiTX1A1sD8RzMtTU:an7FtftnXYA8RzETU

Malware Config

Extracted

Family

xtremerat

C2

microsoftupdate.dlinkddns.com

Targets

    • Target

      757f07a92c2575083465397f3deae51f1076e046c788ac511f36f18b56190b13

    • Size

      19.0MB

    • MD5

      cb048b97fcf53ee570d48ee1c45add87

    • SHA1

      f44c8962aaf0f12f9655137c1b8e22dcf7237128

    • SHA256

      757f07a92c2575083465397f3deae51f1076e046c788ac511f36f18b56190b13

    • SHA512

      2efc2a73bdd4aacfdd4d8cd75bb1ddcacc27768b96a6561988f36fbdbcc02b6b2cbc834e86c2c7139f38c0ecbae826dd4e96d229534d82d0b23f7f2367a78df5

    • SSDEEP

      3072:iExBEUC/nfj/FwAfFP5RPvaiTX1A1sD8RzMtTU:an7FtftnXYA8RzETU

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext
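The hashes and the C2 hostname above are the indicators a responder would actually pivot on. The following is an added example (not part of this report and not Hatching Triage's or the analyst's code) showing how to use them: it computes the four report hash types in one pass so a suspect file can be compared against the listed values, and it scans DNS query records for the C2 name without matching the shared dlinkddns.com apex. The DNS log format, the sample log lines and the client IPs are constructed for the demonstration; the SSDEEP fuzzy hash is left out because it needs the separate ssdeep library rather than hashlib.

```python
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "cb048b97fcf53ee570d48ee1c45add87",
    "sha1": "f44c8962aaf0f12f9655137c1b8e22dcf7237128",
    "sha256": "757f07a92c2575083465397f3deae51f1076e046c788ac511f36f18b56190b13",
    "sha512": (
        "2efc2a73bdd4aacfdd4d8cd75bb1ddcacc27768b96a6561988f36fbdbcc02b6b"
        "2cbc834e86c2c7139f38c0ecbae826dd4e96d229534d82d0b23f7f2367a78df5"
    ),
}
C2_HOST = "microsoftupdate.dlinkddns.com"


def digests_of(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute the four report hash types in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str) -> Dict[str, str]:
    """Hash a file on disk in 1 MiB chunks (the sample here is 19 MB)."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(1 << 20)
                if not block:
                    return
                yield block
    return digests_of(chunks())


def matching_hashes(digests: Dict[str, str]) -> List[str]:
    """Names of the hash types whose value equals the report's (case-insensitive)."""
    return sorted(
        name for name, value in digests.items()
        if REPORT_HASHES.get(name, "").lower() == value.lower()
    )


def is_c2_name(qname: str, c2: str = C2_HOST) -> bool:
    """True for the C2 host itself or any label beneath it.

    The dynamic-DNS apex (dlinkddns.com) is deliberately NOT matched: many
    unrelated hosts live under it, so matching the apex would produce false
    positives. Trailing dots and letter case are normalised first."""
    name = qname.rstrip(".").lower()
    c2 = c2.rstrip(".").lower()
    return name == c2 or name.endswith("." + c2)


# Constructed DNS query log format: "<timestamp> <client> query <type> <name>".
# This is an assumed format for the example, not any real resolver's log.
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)\s*$")


def c2_lookups(log_lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the query records whose name resolves to the C2 host."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a query record; skip rather than fail
        ts, client, qtype, qname = m.groups()
        if is_c2_name(qname):
            hits.append({"ts": ts, "client": client, "qtype": qtype, "qname": qname})
    return hits


# Constructed sample log for the demonstration (not real traffic).
SAMPLE_LOG = [
    "2022-11-22T10:15:03Z 10.0.0.12 query A microsoftupdate.dlinkddns.com",
    "2022-11-22T10:15:04Z 10.0.0.12 query A www.microsoft.com",
    "2022-11-22T10:16:41Z 10.0.0.31 query A printer.dlinkddns.com",
    "2022-11-22T10:17:09Z 10.0.0.44 query AAAA MicrosoftUpdate.dlinkddns.com.",
    "malformed line that should be skipped",
]


if __name__ == "__main__":
    import sys
    for hit in c2_lookups(SAMPLE_LOG):
        print(f"C2 lookup: {hit['client']} -> {hit['qname']} at {hit['ts']}")
    for path in sys.argv[1:]:
        found = matching_hashes(hash_file(path))
        print(f"{path}: {'MATCH ' + ','.join(found) if found else 'no match'}")
```

Run it with one or more file paths to compare them against the report's hashes; with no arguments it only walks the constructed log. Because the sample is 19 MB, all four digests are fed from the same chunk loop rather than reading the file once per algorithm.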

MITRE ATT&CK Enterprise v6

Tasks