General

  • Target

    950d51e53168039e62a39140b68d66f04e2cf1664773082589fda43114b4121e

  • Size

    316KB

  • Sample

    221123-3g5nzscd96

  • MD5

    5f2b245865ecf606299b37d2ca77282a

  • SHA1

    a83730e35fe5cc5dd998ccb74dad941b1e2a9562

  • SHA256

    950d51e53168039e62a39140b68d66f04e2cf1664773082589fda43114b4121e

  • SHA512

    b9b54b48b4e9ac686101f4a770dfc54ad4e3465a5e47d3bfd4f33d3be54bf26f533fc7b71f5655629766f100e5c57feefa041ddc136d7709ea6de1ac0eba0f7f

  • SSDEEP

    1536:nw9xEA36S1au3I9IctmOj7khcF24paskiTf5y6Dgw/cDSc:s6SMukj7KA2JskiTf5y6Dlh

Malware Config

Extracted

Family

xtremerat

C2

3x3x.dyndns-pics.com
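A quick way to turn the indicators above into a check, as an added example that is not part of the sandbox report: the hashes and the C2 hostname are the ones listed on this page, the log lines are constructed for the demonstration, and the function names are the example's own. It hashes a candidate file with the same four algorithms, reports which digests match, and scans free-form DNS or proxy lines for the C2 name (exact match or subdomain, case-insensitive, so a lookalike such as `3x3x.dyndns-pics.com.evil.test` is not counted). The SSDEEP value is left out because fuzzy-hash comparison needs a third-party package.

```python
"""Match a file and DNS/proxy log lines against the indicators in this report.

Added example; not code from the report or the sandbox vendor. Hashes and the
C2 hostname are copied from the page; SAMPLE_LOGS is constructed for the demo.
"""
import hashlib

# Indicators copied from the report (hex digests, lowercase).
IOC_HASHES = {
    "md5": "5f2b245865ecf606299b37d2ca77282a",
    "sha1": "a83730e35fe5cc5dd998ccb74dad941b1e2a9562",
    "sha256": "950d51e53168039e62a39140b68d66f04e2cf1664773082589fda43114b4121e",
    "sha512": "b9b54b48b4e9ac686101f4a770dfc54ad4e3465a5e47d3bfd4f33d3be54bf26f"
              "533fc7b71f5655629766f100e5c57feefa041ddc136d7709ea6de1ac0eba0f7f",
}
IOC_C2 = "3x3x.dyndns-pics.com"

# Constructed sample lines (not from the report): Zeek-style dns rows, a Windows
# DNS client event summary, a proxy access line and a lookalike domain.
SAMPLE_LOGS = [
    "1669172400.123\t10.0.0.5\tquery=3x3x.dyndns-pics.com\tqtype=A",
    "1669172401.456\t10.0.0.5\tquery=update.microsoft.com\tqtype=A",
    "Event 3008: Name resolution for the name 3X3X.DYNDNS-PICS.COM completed",
    "10.0.0.7 GET http://cdn.example.net/favicon.ico 200",
    "1669172402.789\t10.0.0.9\tquery=3x3x.dyndns-pics.com.evil.test\tqtype=A",
]


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_file(path) -> dict:
    """Digest a file in 1 MiB chunks so large samples do not need to fit in RAM."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_algorithms(digests: dict) -> set:
    """Return the names of the algorithms whose digest equals the report's value."""
    return {algo for algo, value in digests.items()
            if IOC_HASHES.get(algo) == value.lower()}


def matches_c2(hostname: str, c2: str = IOC_C2) -> bool:
    """True for the C2 name itself or any label underneath it; trailing dot tolerated."""
    hostname = hostname.lower().rstrip(".")
    return hostname == c2 or hostname.endswith("." + c2)


def _hostnames(line: str):
    """Yield dotted tokens from a free-form log line, stripping key=, scheme, path and port."""
    for token in line.replace("\t", " ").split():
        token = token.split("=", 1)[-1]
        if "://" in token:
            token = token.split("://", 1)[1]
        token = token.split("/", 1)[0].split(":", 1)[0].strip(".,;").lower()
        if "." in token:
            yield token


def c2_hits(lines) -> list:
    """Indices of the lines that reference the C2 hostname or a subdomain of it."""
    return [i for i, line in enumerate(lines)
            if any(matches_c2(h) for h in _hostnames(line))]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("hash matches:", sorted(matching_algorithms(hash_file(sys.argv[1]))))
    print("C2 hits in sample logs:", c2_hits(SAMPLE_LOGS))
```

The hostname is a dynamic-DNS name, so the address it resolves to can change from day to day; hunt on the name in DNS and proxy telemetry rather than on a resolved IP, and treat a match on any one of the four cryptographic hashes as a positive identification of this exact sample (a recompiled or repacked build will not match and needs the fuzzy hash or a family-level signature instead).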

Targets

    • Target

      950d51e53168039e62a39140b68d66f04e2cf1664773082589fda43114b4121e

    • Size

      316KB

    • MD5

      5f2b245865ecf606299b37d2ca77282a

    • SHA1

      a83730e35fe5cc5dd998ccb74dad941b1e2a9562

    • SHA256

      950d51e53168039e62a39140b68d66f04e2cf1664773082589fda43114b4121e

    • SHA512

      b9b54b48b4e9ac686101f4a770dfc54ad4e3465a5e47d3bfd4f33d3be54bf26f533fc7b71f5655629766f100e5c57feefa041ddc136d7709ea6de1ac0eba0f7f

    • SSDEEP

      1536:nw9xEA36S1au3I9IctmOj7khcF24paskiTf5y6Dgw/cDSc:s6SMukj7KA2JskiTf5y6Dlh

    • Detect XtremeRAT payload

    • XtremeRAT

XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext
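The last signature, "Suspicious use of SetThreadContext", is the behavioural hint behind the static detections: SetThreadContext on a thread belonging to another process is the step that redirects execution in process hollowing (create a process suspended, overwrite its memory, point the main thread at the injected code, resume it), which is how the XtremeRAT payload is commonly unpacked in memory. The report itself only names the signature, so the following is an added example and not the sandbox's own logic: it reads a constructed API trace in a format invented for the demo (`pid,api,target_pid,key=value ...`), reports every cross-process SetThreadContext the way the signature does, and separately reports the higher-confidence full hollowing sequence. Calls on the process's own threads are deliberately ignored because debuggers, exception handlers and JITs change their own thread contexts legitimately.

```python
"""Flag cross-process SetThreadContext and full process-hollowing sequences in an API trace.

Added example; not the sandbox's signature code. TRACE and its line format are
constructed for the demonstration.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x4          # dwCreationFlags bit documented for CreateProcess*
STAGES = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace: "pid,api,target_pid,key=value ...". Process 1840 hollows 2104;
# 3012 touches its own thread (debugger style); 4100 sets a foreign context only.
TRACE = [
    "1840,CreateProcessW,2104,flags=0x00000004",
    "1840,NtUnmapViewOfSection,2104,addr=0x400000",
    "1840,WriteProcessMemory,2104,addr=0x400000 size=0x1e000",
    "1840,WriteProcessMemory,2104,addr=0x7ffde008 size=0x4",
    "1840,SetThreadContext,2104,thread=main",
    "1840,ResumeThread,2104,thread=main",
    "3012,GetThreadContext,3012,thread=worker",
    "3012,SetThreadContext,3012,thread=worker",
    "4100,SetThreadContext,2500,thread=main",
]


def parse_trace(lines):
    """Yield (pid, api, target_pid, kv) tuples from the constructed trace format."""
    for line in lines:
        pid, api, target, extra = line.split(",", 3)
        kv = dict(item.split("=", 1) for item in extra.split() if "=" in item)
        yield int(pid), api, int(target), kv


def stage_of(api, kv):
    """Map an API call to a hollowing stage, or None if it is not one."""
    if api.startswith("CreateProcess"):
        flags = int(kv.get("flags", "0"), 16)
        return "CreateProcess" if flags & CREATE_SUSPENDED else None
    return api if api in STAGES else None


def _contains_in_order(observed, required=STAGES):
    """True if every required stage appears in observed, in that order (subsequence test)."""
    it = iter(observed)
    return all(any(o == r for o in it) for r in required)


def foreign_setthreadcontext(lines):
    """What the sandbox signature reports: any SetThreadContext aimed at another process."""
    return {(pid, target) for pid, api, target, _ in parse_trace(lines)
            if api == "SetThreadContext" and pid != target}


def hollowing_candidates(lines):
    """(pid, target) pairs that show the full suspended-create/write/set-context/resume chain."""
    seen = defaultdict(list)
    for pid, api, target, kv in parse_trace(lines):
        if pid == target:
            continue  # own-thread context changes are routine for debuggers and handlers
        stage = stage_of(api, kv)
        if stage and (not seen[(pid, target)] or seen[(pid, target)][-1] != stage):
            seen[(pid, target)].append(stage)
    return {pair: stages for pair, stages in seen.items() if _contains_in_order(stages)}


if __name__ == "__main__":
    print("cross-process SetThreadContext:", sorted(foreign_setthreadcontext(TRACE)))
    print("hollowing candidates:", hollowing_candidates(TRACE))
```

In triage, the cross-process call alone is what the sandbox flags and is worth a look on its own; the full ordered chain ending in ResumeThread on a process created with CREATE_SUSPENDED is the pattern to escalate, and a legitimate debugger attaching to a running process will show SetThreadContext without the preceding suspended create and memory writes.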

MITRE ATT&CK Enterprise v6

Tasks