General

  • Target

    7600e7063e8923531d864f12da7a849a

  • Size

    492KB

  • Sample

    240126-bndqascceq

  • MD5

    7600e7063e8923531d864f12da7a849a

  • SHA1

    d6cc3a257910d9d3798c157616e55e80fffe477b

  • SHA256

    fede3acc541cea42cc036291163ef665c2a3afb0ed7aeb456490d43c6d77bb3c

  • SHA512

    70a92ba228af0c943a3dd6f0a05a7dfea426534853405f762245a6cb60437379118e27df45cfb90806fc991a4a272d90fd873c5489de5145f41c33341101c81c

  • SSDEEP

    6144:JnAwmCJTOh5ftjXL4bUKEPzIV0QO/7zDzNEKrXU1cVd8fOObkrL+eBpxwsqVuSrj:JD+PjXL46U6hLzN96jb4gt

Malware Config

Extracted

Family

xtremerat

C2

2hask.no-ip.biz

Targets

    • Target

      7600e7063e8923531d864f12da7a849a


    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks