General

  • Target

    400e8b0fd641e92c9cea4b65da40a61a4acfee86be7ebdd6d1bbbf32d3022c3d

  • Size

    466KB

  • Sample

    221123-3hdxnaff7t

  • MD5

    1590baae4e915db175799db8faade9a0

  • SHA1

    07b4473240dcad3a790a9c8db0a2b721ae0caf4d

  • SHA256

    400e8b0fd641e92c9cea4b65da40a61a4acfee86be7ebdd6d1bbbf32d3022c3d

  • SHA512

    76805fb767317fb33b5ed757ac6ee4010f89207221dddd08e37048e9e126d7459e8895be21a30c8032a491ac839e5dfd3c91a390572f827547665f1dabd6fc12

  • SSDEEP

    6144:swW8yscx1kmW3TaW8a1m/2amPH9KNjzkY5xtEQD+Gx:LyNxKIW8nJ

Malware Config

Extracted

Family

xtremerat

C2

grymtn.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified version of it.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks