Overview

overview

10

Static

static

3

59692dfa8e...c6.exe

windows7-x64

10

59692dfa8e...c6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    59692dfa8ebd068beb2892829aa063c6

  • Size

    512KB

  • Sample

    240113-zxpqxsfca6

  • MD5

    59692dfa8ebd068beb2892829aa063c6

  • SHA1

    89026cc5c667c95d947485eb79ed3227ebf5d3b6

  • SHA256

    4344c515f5c55c168359835432a8dba7b62a9174bc80f4a3cd4191f816d87c67

  • SHA512

    981dab7fcc19289eeabb0d53e05631bb6f4ed87653306a18332f5bca39bf3f5920bacf012386eba0eb3bb84b13ddeff9814776c7f39bc4fdecaeac387027d7a6

  • SSDEEP

    3072:Skq+aXIDTfy2b+tpT/6WK7FwoDIiItTRG5JhR9tM0aQNroC36V9TmxlCirOCUzvJ:S1xygYZR9O0aElXfyfDTR

Score
10/10
xtremeratpersistenceratspywareupx

Malware Config

Extracted

Family

xtremerat

C2

mmm1212.no-ip.biz

Targets

    • Target

      59692dfa8ebd068beb2892829aa063c6

    • Size

      512KB

    • MD5

      59692dfa8ebd068beb2892829aa063c6

    • SHA1

      89026cc5c667c95d947485eb79ed3227ebf5d3b6

    • SHA256

      4344c515f5c55c168359835432a8dba7b62a9174bc80f4a3cd4191f816d87c67

    • SHA512

      981dab7fcc19289eeabb0d53e05631bb6f4ed87653306a18332f5bca39bf3f5920bacf012386eba0eb3bb84b13ddeff9814776c7f39bc4fdecaeac387027d7a6

    • SSDEEP

      3072:Skq+aXIDTfy2b+tpT/6WK7FwoDIiItTRG5JhR9tM0aQNroC36V9TmxlCirOCUzvJ:S1xygYZR9O0aElXfyfDTR

    Score
    10/10
    xtremeratpersistenceratspywareupx

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks