General

  • Target

    396ffe37b73d3d8ca760aa6b834ec4efeef4841034ca53d50d435099abacba06

  • Size

    81KB

  • Sample

    221123-3hg93sce36

  • MD5

    5281506fcf188cfcc5c781455fbcd8b0

  • SHA1

    d24c06f680c9e02447102431706748a5ef29c03c

  • SHA256

    396ffe37b73d3d8ca760aa6b834ec4efeef4841034ca53d50d435099abacba06

  • SHA512

    dac0636f3658834f079c253127e39382be8265044eed293ecd7415aafd2c1502a54026af14ad51c229b6b246e6cc5ff8bd1bcfc53f30cba4c149987b9997875c

  • SSDEEP

    768:7Br+tjFqTPkAlfztB1lr6an3smTA8uvm2SzosAeEeU2FMQnrTx0LZu:VyRUHlrL1lr6an3TLuvm2eohr6MQreZ

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    saiddz.no-ip.info

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks