General

  • Target: 0c83b42fd3f9fb9a44a9feb18b690973c8fd7a3bde0fd8a47eb478e748947221
  • Size: 876KB
  • Sample: 221123-3hs2ksff9t
  • MD5: 4ae275670844065c23d70ade5a1f6e62
  • SHA1: 18155edbe27307eee8bfeaf58e3c3884437b1bb8
  • SHA256: 0c83b42fd3f9fb9a44a9feb18b690973c8fd7a3bde0fd8a47eb478e748947221
  • SHA512: 523444b5b22bb82d31afd91cc6434f893e0f337ea07a04be234ecb59d2db4f0c0372f7b107b8190fe6d2daf0b2fd3913882ab0fdbf1420e229b2bf7ec303cefd
  • SSDEEP: 24576:Nkk96WyWi+v6XiEAvXgRZ5IeRFkApvl/+ga5AJeKBuY:N99eWi+C1AvER3kqvtLwAnBT

Malware Config

Extracted

  • Family: xtremerat
  • C2: qosai.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks