General

  • Target: 77256de52c8ab33746eebd2a6a9fcbd0
  • Size: 413KB
  • Sample: 240126-mrvc1adban
  • MD5: 77256de52c8ab33746eebd2a6a9fcbd0
  • SHA1: 80bdea34832c6b32e411f2263f1a59f0965ca686
  • SHA256: 1352e3cf7083aaa7ad6fb1afe73ee2263861bc71e239d117a6c0579e91b6d58d
  • SHA512: 61cbfc4a9d14ae562bdc4e87f5b4f298679ce2db17e0493da8edd3d3864d650d712cac35e315f33f2be95181ff8fba31460acfaa292d286cafa01466c1cd7437
  • SSDEEP: 3072:ayRhFjjGBi3VjbYd8MUhYYYVYhYYYO7cdmuGehBi3VjbYd8MUhYYYVYhYYYO7cd4:1XFjjHJ9MUsdiJ9MUsdGbgWV

Malware Config

Extracted

  • Family: xtremerat
  • C2: hdohdo.no-ip.biz

Targets

    • Target: 77256de52c8ab33746eebd2a6a9fcbd0
    • Size: 413KB
    • MD5: 77256de52c8ab33746eebd2a6a9fcbd0
    • SHA1: 80bdea34832c6b32e411f2263f1a59f0965ca686
    • SHA256: 1352e3cf7083aaa7ad6fb1afe73ee2263861bc71e239d117a6c0579e91b6d58d
    • SHA512: 61cbfc4a9d14ae562bdc4e87f5b4f298679ce2db17e0493da8edd3d3864d650d712cac35e315f33f2be95181ff8fba31460acfaa292d286cafa01466c1cd7437
    • SSDEEP: 3072:ayRhFjjGBi3VjbYd8MUhYYYVYhYYYO7cdmuGehBi3VjbYd8MUhYYYVYhYYYO7cd4:1XFjjHJ9MUsdiJ9MUsdGbgWV

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks