General

  • Target

    74764c8591ee28fabb712527f26058a1

  • Size

    95KB

  • Sample

    240125-mkl32sdhc8

  • MD5

    74764c8591ee28fabb712527f26058a1

  • SHA1

    d03b14b88bd44bd61d1ee7f00f7144c257365477

  • SHA256

    c16457e23f4c2568b161a293e0528d7195c026f1f4c8c4b7836cba12a13c8d5d

  • SHA512

    5eccf720004dfa897aa965c3d1afc85b0a0e52ef4dff7f1b044d4ba5f486dc09eb094958e990c33b23f07b16c6097ca015569e9737ef7e3da9b53579f84b9bb5

  • SSDEEP

    1536:EoRHGm0QySVr9DCBDrLoh/n2uTx8h+CGu+cEDraqJCVLZ9uV0+GYe:Eotd0QySVrZknei/G7vDWDVLZ980P9

Malware Config

Extracted

Family

xtremerat

C2

bumboxss.dyndns.info

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks