General

  • Target

    80bcb5330f6c171e3fbf0fe974b2b74d

  • Size

    880KB

  • Sample

    240129-yr2mvsbbhq

  • MD5

    80bcb5330f6c171e3fbf0fe974b2b74d

  • SHA1

    8e557a79e720459d54a12bde40d836300e78b557

  • SHA256

    be3d36107b945e834dea3913f487e7b39d680975a0c363f3b06ce9559bcf19a9

  • SHA512

    6c144f98411b13769f43cb91353e14e0cf1058ffa826827e6a44f565233495ddc4bdcbe50e46eefa8ddc702054ece77a9238c7d392fb741b0d7d8faacdaa4a9a

  • SSDEEP

    12288:JEc4Y8GXlnEeeirh1gIziWV1etdr45yeD8p9KPyQOTa4Guy:JEc4mNE5m17V1etdcDmepOT1Gd

Malware Config

Extracted

Family

xtremerat

C2

xtremeratbilubilu.ddns.net

Targets

    • Target

      80bcb5330f6c171e3fbf0fe974b2b74d

    • Size

      880KB

    • MD5

      80bcb5330f6c171e3fbf0fe974b2b74d

    • SHA1

      8e557a79e720459d54a12bde40d836300e78b557

    • SHA256

      be3d36107b945e834dea3913f487e7b39d680975a0c363f3b06ce9559bcf19a9

    • SHA512

      6c144f98411b13769f43cb91353e14e0cf1058ffa826827e6a44f565233495ddc4bdcbe50e46eefa8ddc702054ece77a9238c7d392fb741b0d7d8faacdaa4a9a

    • SSDEEP

      12288:JEc4Y8GXlnEeeirh1gIziWV1etdr45yeD8p9KPyQOTa4Guy:JEc4mNE5m17V1etdcDmepOT1Gd

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by "xtremecoder", has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
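
As an added example (not part of this report and not the sandbox's own tooling), the following Python script turns the indicators and behaviours listed above into offline checks: it matches the extracted C2 domain and the SHA256 against host telemetry, flags the registry and System32 activity behind the "Adds Run key", "Modifies Installed Components" and "Drops file in System32" signatures, and parses a PE section table to approximate the "UPX packed file" check. The event records, the `{constructed-guid}` key, the `constructed.exe` path and the minimal PE buffer are constructed for the demonstration and do not come from the sample; the SetThreadContext signal is an API-call observation that this script does not attempt to reproduce.

```python
"""Offline triage helper for the indicators and behaviours in the report above.
Example code added to the page, not output or tooling from the sandbox.
All telemetry and the PE buffer below are constructed for the demonstration."""
import re
import struct
from dataclasses import dataclass

# Indicators copied from the report.
IOC_SHA256 = "be3d36107b945e834dea3913f487e7b39d680975a0c363f3b06ce9559bcf19a9"
IOC_C2 = "xtremeratbilubilu.ddns.net"

# Registry locations behind two listed behaviours: "Adds Run key" and
# "Modifies Installed Components" (Active Setup). Registry paths are
# case-insensitive, so the patterns are too.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
ACTIVE_SETUP_RE = re.compile(r"\\Active Setup\\Installed Components\\", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\Windows\\System32\\", re.I)


@dataclass
class Event:
    kind: str   # "registry", "file", "dns" or "hash"
    value: str  # key path, file path, queried name, or sha256 of a written file


def classify(ev: Event) -> list[str]:
    """Return the report behaviours/IOCs that this single event matches."""
    tags: list[str] = []
    if ev.kind == "registry":
        if RUN_KEY_RE.search(ev.value):
            tags.append("run_key_persistence")
        if ACTIVE_SETUP_RE.search(ev.value):
            tags.append("installed_components_modified")
    elif ev.kind == "file" and SYSTEM32_RE.search(ev.value):
        tags.append("drops_file_in_system32")
    elif ev.kind == "dns" and ev.value.lower().rstrip(".") == IOC_C2:
        tags.append("c2_domain")
    elif ev.kind == "hash" and ev.value.lower() == IOC_SHA256:
        tags.append("known_sample_hash")
    return tags


def triage(events: list[Event]) -> dict[str, int]:
    """Count events per indicator; an empty dict means nothing matched."""
    hits: dict[str, int] = {}
    for ev in events:
        for tag in classify(ev):
            hits[tag] = hits.get(tag, 0) + 1
    return hits


def pe_section_names(data: bytes) -> list[str]:
    """Parse the PE section table and return the section names ([] if not PE).
    Stock UPX leaves sections named UPX0/UPX1, which is what a 'UPX packed'
    signature keys on. It is a weak signal: names are trivially renamed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    nsections = struct.unpack_from("<H", data, pe_off + 6)[0]  # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # section table start
    names = []
    for i in range(nsections):
        raw = data[table + 40 * i: table + 40 * i + 8]         # 8-byte Name field
        if len(raw) < 8:
            break
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    return any(n.startswith("UPX") for n in pe_section_names(data))


def build_fake_pe(section_names: list[str]) -> bytes:
    """Constructed, minimal PE-shaped buffer: MZ stub, PE signature, a COFF
    header with no optional header, then one 40-byte entry per section name.
    Enough for the parser above; it is not a loadable executable."""
    pe_off = 0x40
    mz = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return mz + b"PE\0\0" + coff + sections


# Constructed telemetry resembling what the report's behaviours would produce,
# plus two benign records that must not match.
SAMPLE_EVENTS = [
    Event("hash", IOC_SHA256),
    Event("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\constructed"),
    Event("registry", r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{constructed-guid}\StubPath"),
    Event("file", r"C:\Windows\System32\constructed.exe"),
    Event("dns", "XtremeRatBiluBilu.ddns.net."),   # mixed case, trailing dot
    Event("dns", "update.example.com"),
    Event("file", r"C:\Users\Public\notes.txt"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
    print(looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
```

The C2 is a dynamic-DNS name, so hunt and block on the name rather than on whatever IP it resolved to during the sandbox run. Treat a single registry or System32 hit as context, not as a verdict: Run keys and Active Setup entries are written by legitimate installers too, and the report's combination of persistence, the drop location and the C2 lookup is what makes the sample stand out.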

MITRE ATT&CK Enterprise v15

Tasks