General

  • Target

    80aa3aba8b5d1ce26cb4108bdbc8b6a6

  • Size

    44KB

  • Sample

    240129-x4llqshah7

  • MD5

    80aa3aba8b5d1ce26cb4108bdbc8b6a6

  • SHA1

    66b7beb09b4779d81881c7e2a10931ceb8f0705f

  • SHA256

    c8b3e611c771e2b08b5148e471731e6bac19b4ca227342a61a9221cd037c61ee

  • SHA512

    0ec9e31b64c4053e239befd70f9c0dfb804bae31a17af90ef0c675ecc3b023d3a90c76764c9f1d6cec4d6c4e08d3dca26fe3ef38f01711d0e244cf44e1d7a1aa

  • SSDEEP

    768:rDr+tjFqTPkAlfzth1lr6annsmTq8uvm2DfuTwYPIWzoOL:XyRUHlrr1lr6anHTZuvm2bOQKoOL

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    kahba88.zapto.org

Targets

    • Target

      80aa3aba8b5d1ce26cb4108bdbc8b6a6

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks