General

  • Target

    5de44eb25e2d369e5f8741b2c9cd38b206dc0509843f82ecbdd0e6b22751a115

  • Size

    75KB

  • Sample

    221123-3mp6gscg73

  • MD5

    44849a4fcbdfb3bffd8278a604b9f5f3

  • SHA1

    b659e99bcb83ebef6bb4de55ea166ec5b7b0d8aa

  • SHA256

    5de44eb25e2d369e5f8741b2c9cd38b206dc0509843f82ecbdd0e6b22751a115

  • SHA512

    e28ecd335f5591a1e77f590058baf4d25c5cbc08ea156be03f0ca9a4de340785515dbbe97c230944d10fec3984d04a64a67bec64827c212fe6707337ed8b9558

  • SSDEEP

    768:jq/sRc77k+TNQGSWbgLa1pSqWYjNtI/7OYpu/lj3Yle7mWx4:LRc77dBKLaPjHI/7nMke7rx4

Malware Config

Extracted

Family

xtremerat

C2

baloobadjamel.hopto.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Deletes itself

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks