General

  • Target

    87380a16b610d4d3be2038a2e83092d1dfb546a205a8523ba4fd5b4ed5fec973

  • Size

    1.1MB

  • Sample

    221123-3g4rpaff5z

  • MD5

    5383cae2374791840069b911f39b69e4

  • SHA1

    370e8a25738dd02d08c72bda5e57b0d8a24d34a2

  • SHA256

    87380a16b610d4d3be2038a2e83092d1dfb546a205a8523ba4fd5b4ed5fec973

  • SHA512

    dd5e309281a6d7a52bd4c965fa43eeef81419d053128046e307c6d6225761dcdfb2fa2b053cd86d14629b72581372a318f7c0202ec4e9bf2788bdbac37e84f56

  • SSDEEP

    24576:JXsbhw7CBsydWW9mckMFTog+sfqgXCQ8LqZw6/ZF0A8:OVwuIWgBMFTLJPwGZx/Zi

Malware Config

Extracted

Family

xtremerat

C2

123boof.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks