General

  • Target

    776335ba6b26f60bd0ff0a9bc860663c

  • Size

    81KB

  • Sample

    240126-px92rafcbn

  • MD5

    776335ba6b26f60bd0ff0a9bc860663c

  • SHA1

    613ce7eb607ee5afaccf2a833acc994b2b029295

  • SHA256

    9feb6fefdb1d75a81fe8d5ff14250afb670f00357adc6d1e1333276e2fd5361a

  • SHA512

    acb4af8187eafe76cc36b06c01525a92a1e5d534a8c640f6b002e6c5b2c6f8a60725b349559d8f12a75ef58f261e93b402d7cd503e5e16e51e599669e62e2823

  • SSDEEP

    1536:3s4QfQijHU2CkvfFn93acBNRnpYFwdK6/pVg7kcV:3axwjsn3a6NgFMKYmfV
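Before working with a sample pulled from a sandbox or a sharing feed, confirm the bytes on disk are the ones this report describes. The script below is an added example, not part of the report; it embeds the MD5, SHA1, SHA256 and SHA512 values listed above and reports every digest that fails to match. The `REPORTED_HASHES` dictionary is copied from this page; the file path on the command line and the `b"abc"` self-check are assumptions used only for demonstration.

```python
import hashlib
import sys

# Digests copied from the General section of this report.
REPORTED_HASHES = {
    "md5": "776335ba6b26f60bd0ff0a9bc860663c",
    "sha1": "613ce7eb607ee5afaccf2a833acc994b2b029295",
    "sha256": "9feb6fefdb1d75a81fe8d5ff14250afb670f00357adc6d1e1333276e2fd5361a",
    "sha512": "acb4af8187eafe76cc36b06c01525a92a1e5d534a8c640f6b002e6c5b2c6f8a6"
              "0725b349559d8f12a75ef58f261e93b402d7cd503e5e16e51e599669e62e2823",
}


def compute_hashes(data: bytes) -> dict:
    """Compute all four digests over the same bytes and return them as lowercase hex."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data: bytes, expected: dict = REPORTED_HASHES) -> dict:
    """Return {algorithm: (expected, actual)} for every digest that does NOT match.

    An empty result means every reported digest matched, i.e. the bytes are the
    sample this report describes. Comparing all four at once means a collision
    against one weak algorithm (MD5) cannot pass the check on its own.
    """
    actual = compute_hashes(data)
    return {
        alg: (exp.lower(), actual[alg])
        for alg, exp in expected.items()
        if actual[alg] != exp.lower()
    }


def verify_file(path: str, expected: dict = REPORTED_HASHES) -> dict:
    """Read a file (assumed path supplied by the caller) and verify it against the report."""
    with open(path, "rb") as f:
        return verify_sample(f.read(), expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>   (path is an assumption)
    mismatches = verify_file(sys.argv[1])
    if not mismatches:
        print("OK: file matches every digest in the report")
    else:
        for alg, (exp, act) in mismatches.items():
            print(f"MISMATCH {alg}: expected {exp}, got {act}")
        sys.exit(1)
```

Run it against the downloaded file before unpacking or detonating anything; a mismatch on any one digest means you are not looking at the sample this report was generated from.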

Malware Config

Extracted

Family

xtremerat

C2

mido007.no-ip.biz
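The extracted C2 is a No-IP dynamic DNS hostname, so the useful detection is twofold: an exact match on the indicator, and a lower-severity match on any hostname under the dynamic DNS zones the operator could rotate to. The script below is an added example and not part of the report or of any vendor product. It parses constructed DNS log lines in an assumed `ts host= image= query=` format (the lines, hostnames, images and the short `DYNDNS_ZONES` list are all assumptions made for the example; `mido007.no-ip.biz` is the only value taken from this page).

```python
import re
from dataclasses import dataclass

# Indicator from this report's extracted config.
C2_DOMAINS = {"mido007.no-ip.biz"}

# Short, assumed excerpt of No-IP dynamic DNS zones; extend from the provider's own list.
DYNDNS_ZONES = {"no-ip.biz", "no-ip.org", "no-ip.info", "ddns.net", "hopto.org", "zapto.org"}

# Assumed log format for the example: one query per line, whitespace-separated key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+image=(?P<image>\S+)\s+query=(?P<query>\S+)$"
)


@dataclass
class Alert:
    ts: str
    host: str
    image: str
    query: str
    severity: str
    reason: str


def classify(query: str):
    """Return (severity, reason) for a queried name, or (None, None) if it is not interesting."""
    q = query.lower().rstrip(".")  # normalise case and a trailing root dot
    if q in C2_DOMAINS:
        return "high", "known XtremeRAT C2 from extracted config"
    labels = q.split(".")
    # Flag only hostnames *under* a dynamic DNS zone, not the provider's apex itself.
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in DYNDNS_ZONES:
            return "medium", "dynamic DNS hostname"
    return None, None


def scan(lines):
    """Parse log lines and return an Alert for each matching query; malformed lines are skipped."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        severity, reason = classify(m["query"])
        if severity:
            alerts.append(Alert(m["ts"], m["host"], m["image"], m["query"], severity, reason))
    return alerts


# Constructed sample log for the example; not real telemetry.
SAMPLE_LOG = [
    r"2024-01-26T09:58:41Z host=WS01 image=C:\Windows\System32\svchost.exe query=ctldl.windowsupdate.com",
    r"2024-01-26T09:59:02Z host=WS01 image=C:\Users\user\AppData\Roaming\update.exe query=mido007.no-ip.biz",
    r"2024-01-26T09:59:33Z host=WS01 image=C:\Users\user\AppData\Roaming\update.exe query=MIDO007.no-ip.biz.",
    r"2024-01-26T10:01:17Z host=WS02 image=C:\Users\admin\Downloads\backup.exe query=backup.hopto.org",
    r"2024-01-26T10:02:05Z host=WS02 image=C:\Program Files\Browser\browser.exe query=www.no-ip.com",
    "this line is not in the expected format",
]


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"[{a.severity}] {a.ts} {a.host} {a.image} -> {a.query} ({a.reason})")
```

The exact-match rule is the one to alert on; the dynamic DNS rule is best used as a hunting query or enrichment, since legitimate hosts do use these providers and the operator can move to a new hostname under the same zone without touching the implant.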

Targets

    • Target

      776335ba6b26f60bd0ff0a9bc860663c

    • Size

      81KB

    • MD5

      776335ba6b26f60bd0ff0a9bc860663c

    • SHA1

      613ce7eb607ee5afaccf2a833acc994b2b029295

    • SHA256

      9feb6fefdb1d75a81fe8d5ff14250afb670f00357adc6d1e1333276e2fd5361a

    • SHA512

      acb4af8187eafe76cc36b06c01525a92a1e5d534a8c640f6b002e6c5b2c6f8a60725b349559d8f12a75ef58f261e93b402d7cd503e5e16e51e599669e62e2823

    • SSDEEP

      1536:3s4QfQijHU2CkvfFn93acBNRnpYFwdK6/pVg7kcV:3axwjsn3a6NgFMKYmfV

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
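Two static checks reproduce most of what a "UPX packed file" signature looks for: the stock section names (`UPX0`, `UPX1`, `UPX2`) and the `UPX!` magic of UPX's pack header, plus whole-file byte entropy, which stays high for modified UPX builds that rename sections and change the magic. The code below is an added example, not the sandbox's own signature. The `build_fake_pe` helper and the `pseudo_random_bytes` payload are constructed test fixtures that are not runnable executables; the 7.0 entropy threshold is an assumed cut-off.

```python
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"
ENTROPY_THRESHOLD = 7.0  # assumed cut-off; plain code and data rarely exceed it


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the whole buffer (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names; [] if the buffer is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_hdr_size
    names = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Return the individual indicators and a combined 'likely_packed' verdict."""
    names = pe_section_names(data)
    entropy = shannon_entropy(data)
    stock_upx = any(n in UPX_SECTION_NAMES for n in names) or UPX_MAGIC in data
    return {
        "upx_section_names": any(n in UPX_SECTION_NAMES for n in names),
        "upx_magic": UPX_MAGIC in data,
        "entropy": round(entropy, 3),
        # Modified UPX hides the names and magic; entropy is the indicator that survives.
        "likely_packed": stock_upx or entropy > ENTROPY_THRESHOLD,
    }


def pseudo_random_bytes(n: int, seed: bytes = b"example-seed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for a compressed body."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_fake_pe(section_names, payload: bytes) -> bytes:
    """Constructed PE-shaped blob for testing the parser; headers only, not a valid executable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 here), Characteristics.
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + coff + sections + payload


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], pseudo_random_bytes(4096) + UPX_MAGIC)
    benign = build_fake_pe([b".text", b".data"], b"A" * 2048 + b"B" * 1024)
    print("packed:", upx_indicators(packed))
    print("benign:", upx_indicators(benign))
```

A hit on section names or magic is a confident UPX verdict; entropy alone only says "compressed or encrypted", which is the right trigger for unpacking the sample in a sandbox rather than trusting static signatures on the packed bytes.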

    • Suspicious use of SetThreadContext

      SetThreadContext lets one process rewrite a suspended thread's registers, including its instruction pointer; outside debuggers it is typically used to redirect a suspended process into injected code (process hollowing), so calls to it are flagged.

MITRE ATT&CK Enterprise v15

Tasks