General

  • Target

    ae106dc102a73a883499ebae75fb7a096d69d3ed10278051e36a036a957bb7d6

  • Size

    144KB

  • Sample

    221123-3g356acd94

  • MD5

    509306ae615754cbd2973b0c40061b0b

  • SHA1

    194e47847e742bab20550b40685624ff65b30fb1

  • SHA256

    ae106dc102a73a883499ebae75fb7a096d69d3ed10278051e36a036a957bb7d6

  • SHA512

    14f348da9fdf8bdedf91e5d1e3ca8ce812e9529034b5da29cbcdbc42764918aa685e0ec1d51f5cebd5b8746cb57b1ea9d17556f389ab1b9bfdf9a637a3ddc30c

  • SSDEEP

    1536:ZvwcR3Wok7iIoqh4jWpqMF8MurK3y7GkqXXgCHHJxs:ZvF/k7j5KOFrjYGzXXfHp2

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    sajenhaker.no-ip.info

Targets

    • Target

      ae106dc102a73a883499ebae75fb7a096d69d3ed10278051e36a036a957bb7d6

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6