General

  • Target

    80ca7ba01d7d6b349d3525e4e97387a6

  • Size

    256KB

  • Sample

    240129-y82n7aaae7

  • MD5

    80ca7ba01d7d6b349d3525e4e97387a6

  • SHA1

    38b255b0b2f7a0f11fc373656ce75c1f663d9295

  • SHA256

    7870b07d5c8c8848860579a6e48c054aace2371e953013522356b2d425578d77

  • SHA512

    b486206efc3062e641b0fff066a76faa748a17e92b448a4c42124fba6fdb33cab6e9348bffb1ca56e6e8ab562f5f59c7469bd41030615ea11596382fd83947b6

  • SSDEEP

    3072:9fiQUSKagWQdylnXdvPdv6loGvWz0GXlG1gqtYpwRQ5VuemEDlc:9dvPdvd0wlM/tYpwRQ5V3mED

Malware Config

Extracted

Family

xtremerat

C2

princedz.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks