Overview

overview

10

Static

static

3

seahab2.7.exe

windows7-x64

10

seahab2.7.exe

windows10-2004-x64

10

setup.exe

windows7-x64

5

setup.exe

windows10-2004-x64

5

Sharing

Copy URL Twitter E-mail

General

  • Target

    30ad49f94a0c864731ebc2d49b10889c

  • Size

    216KB

  • Sample

    231225-vyy9jafdb6

  • MD5

    30ad49f94a0c864731ebc2d49b10889c

  • SHA1

    e3193768cbcbf6c4db68d382756d50141595b554

  • SHA256

    1ab729f0884b5a838d7d34a61741c4cd8ecc07899e8a9611a76607f65ef009b5

  • SHA512

    028843f005d6bfed757cac870bb44cc2022a28c8999d0044525aa9fc649e75aded643d30c9f0ff778cd954b2d5d7e0ea8ae986c9815a01b0188614278aac607b

  • SSDEEP

    6144:YEghKlEfxSyJM0duH2EghKlEfxScgE25tcTSFVegL7N:XggEhJMPggEi+SPR3N

Score
10/10
xtremeratpersistenceratspywareupx

Malware Config

Extracted

Family

xtremerat

C2

greenraja.no-ip.info

Targets

    • Target

      seahab2.7.exe

    • Size

      230KB

    • MD5

      2de6b884fff54a08b74af229ac504827

    • SHA1

      306b4579d9924675c0208f2240a303a9a93fd5db

    • SHA256

      3903352ff19d84be4de7a03adbc098e57414b7dedcb63ad5a0aa2321388cbd00

    • SHA512

      e37f486d5fbdf034a6bf1befd4ee40acfe3df8ee015b4ccca42d332e907cdafa9f702634c180a7fe0c0509270cf64bf116330f0bac18b2df57efc7556661d40b

    • SSDEEP

      6144:bqY9SC2DqBRhVh8njm9VCwH+ep7Ld7GXmW4JO:WYMusnjmLjbiX4JO

    Score
    10/10
    xtremeratpersistenceratspywareupx

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      setup.exe

    • Size

      235KB

    • MD5

      c217b70c0c92735ceb0e8a04cc36941b

    • SHA1

      f11aa386af27994ba03efba4ba15024a59a57eb1

    • SHA256

      014a384e4f31e5f7271fb08a39faec06f1165fffa1d2e43b418384bf4c342eae

    • SHA512

      a8f78690b865b1c3f6cdfdc9f63b9149d247c4eb1379c9dd1cca5a025390d5e9ed37da985279bee7d3ed8a8480028d06dc84161c17ab988d9f3af5f886637912

    • SSDEEP

      6144:bqY9SC2DqBRhVh8njm9VCwH+ep7Ld7GKI7uO:WYMusnjmLjbiKC/

    Score
    5/10

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks