General

  • Target

    77986987ca5c88b1ff74d38421ca3337

  • Size

    172KB

  • Sample

    240126-rrv2raffc9

  • MD5

    77986987ca5c88b1ff74d38421ca3337

  • SHA1

    695305054d159bf5bfb15ef325ddf1a61369df69

  • SHA256

    d2a33a51a40ad2791f3f673092b00fc219e960db0684a61e9d507914164341c3

  • SHA512

    fe3ef512661926f3ed7f20b32336907103629fc85c8528c4f450545b7bf44f8b1cf48a1103567e04307a76a841811e76a6e8eb12e440585cac0ff0939a47c981

  • SSDEEP

    1536:91/yguAiQS7MR+oXiJqAIi2976EFe8E+wrCPGY2dfA9+A6nOwdfKvSpqB+pE0gzy:jfiQD0JI7/Fpune+A7wt0SpqB+g3RQ

Malware Config

  Extracted

  • Family

    xtremerat

  • C2

    mrjoo.no-ip.info

Targets

    • Target

      77986987ca5c88b1ff74d38421ca3337

    • Size

      172KB

    • MD5

      77986987ca5c88b1ff74d38421ca3337

    • SHA1

      695305054d159bf5bfb15ef325ddf1a61369df69

    • SHA256

      d2a33a51a40ad2791f3f673092b00fc219e960db0684a61e9d507914164341c3

    • SHA512

      fe3ef512661926f3ed7f20b32336907103629fc85c8528c4f450545b7bf44f8b1cf48a1103567e04307a76a841811e76a6e8eb12e440585cac0ff0939a47c981

    • SSDEEP

      1536:91/yguAiQS7MR+oXiJqAIi2976EFe8E+wrCPGY2dfA9+A6nOwdfKvSpqB+pE0gzy:jfiQD0JI7/Fpune+A7wt0SpqB+g3RQ

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks