General

  • Target

    77f48e175dcf48e233eaac59da4b5e50

  • Size

    181KB

  • Sample

    240126-v29jnsccap

  • MD5

    77f48e175dcf48e233eaac59da4b5e50

  • SHA1

    5ce37b56b1ba10bce3bfcccecf800e1db1e39a6e

  • SHA256

    e94fabac6267013d3c8e1906a6b8373b2f95f2fea05f185c15aa9c3e9c6825f9

  • SHA512

    d705eab37f5c7c498098a034832819550bb3e43fbea42525156093e060a1267703759101a514f509079f8afc062c6835f11a4cb9bead233b73fb7278a0de1e52

  • SSDEEP

    3072:E/XXvVr4sC65hD7cq2qvJEDvrUzp3DoHVx3OdP7dYzp3DoHVx3OdP7dq2w:MXvFv5lc2Go0x+w0x+G2w

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    tatooo.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks