General

  • Target: 78c7e850d5a57a85591d9f8f53458a2d
  • Size: 44KB
  • Sample: 240127-ank9pshcc4
  • MD5: 78c7e850d5a57a85591d9f8f53458a2d
  • SHA1: 326965a7a7a33c7248a0d176ac17f859078a12a3
  • SHA256: 3e44cfd51ec7b6c5139bfe44cb8e8dc79b4048d1726644853b8df6c8c92a18c8
  • SHA512: de00dc33454986ff5c0624ecc0f58b16672c61270fdee5467795750ed1069cecacc18cc9056e07a27f0b004174b52a13fdd7d32ad092784703d27c0aa61abc96
  • SSDEEP: 768:rBr+tjFqTPkAlfztB1lr6an3smTA8uvm2DfOTwYPI1k4a:FyRUHlrL1lr6an3TLuvm2buQG4a

Malware Config

Extracted

Family: xtremerat

C2:

  • supporthp.myftp.org
  • supportsniper.myftp.org

Targets

    • Target: 78c7e850d5a57a85591d9f8f53458a2d

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks