General

  • Target

    b9a6b47359f9e7f120e6aa05c2653e91bd834052a82854fdd3b5dbf97df99776

  • Size

    30KB

  • Sample

    221203-n2sgtsbh9t

  • MD5

    0492a767672d6d830c40135e817b6730

  • SHA1

    49bf2a2aa7978e3ef88665a862ed984432157b10

  • SHA256

    b9a6b47359f9e7f120e6aa05c2653e91bd834052a82854fdd3b5dbf97df99776

  • SHA512

    4ec2183320584ce464d55296aa3ce0786ad393142e875c911ddab50692f10f4f30d2739e82f6005c38b4bb65cf6c6d0cb628e587e2c34475242ee12d8ba34f15

  • SSDEEP

    384:ixK81e1TSUARnm9E3/uk0vkA3Ea38I4yXhd9prziSASusimsmonZw87WboXbQ3:iYUecFuDvkAnKyXpprYVm5oF

Malware Config

Targets

    • Target

      b9a6b47359f9e7f120e6aa05c2653e91bd834052a82854fdd3b5dbf97df99776

    • Size

      30KB

    • MD5

      0492a767672d6d830c40135e817b6730

    • SHA1

      49bf2a2aa7978e3ef88665a862ed984432157b10

    • SHA256

      b9a6b47359f9e7f120e6aa05c2653e91bd834052a82854fdd3b5dbf97df99776

    • SHA512

      4ec2183320584ce464d55296aa3ce0786ad393142e875c911ddab50692f10f4f30d2739e82f6005c38b4bb65cf6c6d0cb628e587e2c34475242ee12d8ba34f15

    • SSDEEP

      384:ixK81e1TSUARnm9E3/uk0vkA3Ea38I4yXhd9prziSASusimsmonZw87WboXbQ3:iYUecFuDvkAnKyXpprYVm5oF

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks