General

  • Target

    d160bb35aa8ab63ebde79b69d57ebb0494245d64e02c6be58be83daafe36b0ab

  • Size

    160KB

  • Sample

    221123-3g7tcace22

  • MD5

    523f8ed4cb735afe3426386e9e3be1b0

  • SHA1

    991bae19650f8b2b168b453032bd3a3d618e417f

  • SHA256

    d160bb35aa8ab63ebde79b69d57ebb0494245d64e02c6be58be83daafe36b0ab

  • SHA512

    67598340760dabbe473ae8703cf14acd2c4252c9b3a492c4d8adc90e477668b7622917f187c132ad2851b4386a183174cb394c81719ddf0288154a5056a88432

  • SSDEEP

    3072:A1hFYA1Xj4i9QMRdMYS4RHjQqM457ClbhW2:wXj4eoYSYDQp4VKb82

Malware Config

Extracted

Family

xtremerat

C2

dengermada.no-ip.biz

Targets

    • Target

      d160bb35aa8ab63ebde79b69d57ebb0494245d64e02c6be58be83daafe36b0ab

    • Size

      160KB

    • MD5

      523f8ed4cb735afe3426386e9e3be1b0

    • SHA1

      991bae19650f8b2b168b453032bd3a3d618e417f

    • SHA256

      d160bb35aa8ab63ebde79b69d57ebb0494245d64e02c6be58be83daafe36b0ab

    • SHA512

      67598340760dabbe473ae8703cf14acd2c4252c9b3a492c4d8adc90e477668b7622917f187c132ad2851b4386a183174cb394c81719ddf0288154a5056a88432

    • SSDEEP

      3072:A1hFYA1Xj4i9QMRdMYS4RHjQqM457ClbhW2:wXj4eoYSYDQp4VKb82

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks