General

  • Target

    807efbeb9557c60be9bc42a7a8bd48af

  • Size

    576KB

  • Sample

    240129-wkg9jafeh2

  • MD5

    807efbeb9557c60be9bc42a7a8bd48af

  • SHA1

    c18374e845e20341ec49ad0e273ababd1ccbbab6

  • SHA256

    0927d666db23600bea4178d15bfb5ae2b4988b3554114dfe9cfde85ea49a309f

  • SHA512

    e440156cbf1d28a33dacfcb3dd37687fff135b307631c4c3e5fbc3ec1366e3b4c02fceec37d4d5dbea07eb13e2eff072400ff9d0c7f32df318dd1e23c9068f24

  • SSDEEP

    6144:DqFEZwKusZwWyYktKPlglcbBagfdAdQB7Op9Q5T7S0Wjv:mG3yPSb7+dQBn8F

Malware Config

Extracted

Family

xtremerat

C2

mrahmed.hopto.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks