General

  • Target

    753fc3fae9a227e12760e8ea5dfbd2af

  • Size

    284KB

  • Sample

    240125-xg3azaeack

  • MD5

    753fc3fae9a227e12760e8ea5dfbd2af

  • SHA1

    0251d4b4b63a87abe8784c908f1342a729b6318c

  • SHA256

    93a7a8435fc48b8bf29cf34488ae07557f563a457b2eb4909762a2426e189584

  • SHA512

    db6e95e7628feccea80a39f033ec3c2e3e8e7f3c290ace9505db058b3d443a31b78170ca8f4762208384b17bdba19cacf49f289253db8371c4894df447d357bd

  • SSDEEP

    6144:FAqe9PLfIbTnnGKY20D0wg7oWUY/w2NIAJ0QIOw:FwPLfMTnGKSAV3v+vrZ

Malware Config

Targets

    • Target

      753fc3fae9a227e12760e8ea5dfbd2af

    • Size

      284KB

    • MD5

      753fc3fae9a227e12760e8ea5dfbd2af

    • SHA1

      0251d4b4b63a87abe8784c908f1342a729b6318c

    • SHA256

      93a7a8435fc48b8bf29cf34488ae07557f563a457b2eb4909762a2426e189584

    • SHA512

      db6e95e7628feccea80a39f033ec3c2e3e8e7f3c290ace9505db058b3d443a31b78170ca8f4762208384b17bdba19cacf49f289253db8371c4894df447d357bd

    • SSDEEP

      6144:FAqe9PLfIbTnnGKY20D0wg7oWUY/w2NIAJ0QIOw:FwPLfMTnGKSAV3v+vrZ

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by "xtremecoder", is written in Delphi, and has been available since at least 2010.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: code placed in the boot sector runs before the OS and its security tooling load, so OS-level integrity checks do not see it.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly paired with WriteProcessMemory to redirect a suspended thread into injected code (process hollowing), which is why its use is flagged.
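A practical way to confirm the "Writes to the Master Boot Record" behaviour is to compare the first sector of a disk image before and after detonation. The following is an added example, not code from this report or from the sample's author: it parses a 512-byte MBR (boot code, disk signature, partition table, 0x55AA signature) and reports which region changed. The two MBR images it operates on are constructed in the script and are only placeholders, not the sample's real boot code.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0x000-0x1B7 hold the executable boot code
DISK_SIG_OFF = 0x1B8       # 4-byte disk signature (plus 2 reserved bytes)
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 0x55 0xAA


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_mbr(sector: bytes) -> List[Partition]:
    """Return the non-empty partition entries of a 512-byte MBR."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:
            parts.append(Partition(status == 0x80, ptype, lba_start, sectors))
    return parts


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the executable region only; the partition table is excluded."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def diff_mbr(baseline: bytes, current: bytes) -> List[str]:
    """Describe every region of the MBR that differs from the baseline."""
    findings = []
    if boot_code_hash(baseline) != boot_code_hash(current):
        first = next(i for i in range(BOOT_CODE_LEN) if baseline[i] != current[i])
        findings.append(f"boot code modified (first differing byte at offset 0x{first:03x})")
    if baseline[DISK_SIG_OFF:DISK_SIG_OFF + 4] != current[DISK_SIG_OFF:DISK_SIG_OFF + 4]:
        findings.append("disk signature changed")
    if parse_mbr(baseline) != parse_mbr(current):
        findings.append("partition table changed")
    return findings


def build_mbr(boot_code: bytes, partitions: List[Partition], disk_sig: int = 0x12345678) -> bytes:
    """Assemble a synthetic MBR; used here only to construct test input."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, p in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = 0x80 if p.bootable else 0x00
        sector[off + 4] = p.type_id
        struct.pack_into("<II", sector, off + 8, p.lba_start, p.sectors)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


def read_mbr(path: str) -> bytes:
    """Read sector 0 from a raw disk image (or a raw device such as \\\\.\\PhysicalDrive0)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


# Constructed placeholders (assumption: not the real boot code of any sample).
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
# A bootkit typically overwrites the entry point with a jump into its own code.
INFECTED_BOOT_CODE = b"\xeb\x3e" + CLEAN_BOOT_CODE[2:]
PARTITIONS = [Partition(True, 0x07, 2048, 204800)]

BASELINE_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
INFECTED_MBR = build_mbr(INFECTED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    for name, findings in (("clean", diff_mbr(BASELINE_MBR, BASELINE_MBR)),
                           ("post-detonation", diff_mbr(BASELINE_MBR, INFECTED_MBR))):
        print(f"{name}: {findings or 'no change'}")
```

In a sandbox, feed `diff_mbr` the pre- and post-detonation disk images via `read_mbr`; on a live Windows host the same sector can be read from `\\.\PhysicalDrive0` with an administrator token. Hashing only the first 440 bytes keeps legitimate partition-table edits from masking a boot-code overwrite, which is the region a bootkit has to touch.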

MITRE ATT&CK Enterprise v15

Tasks