General

  • Target

    82d7d99c4fba793eb397ca6e0a8c5e35

  • Size

    668KB

  • Sample

    240130-3cnvnsfbg7

  • MD5

    82d7d99c4fba793eb397ca6e0a8c5e35

  • SHA1

    5a8782df89671b983d267c6c24de8f5ca964cb54

  • SHA256

    872edc4c58c1375cc1555d0aa9045ff1ed5f0f37bbe3b2fa7c3bc2995f8016ca

  • SHA512

    9f257d5aba777750a2f41e536e7b37499dc99b0939a69b8e5f5f17049eb3ce0b3e97fbda3769caa872860b7e497824ab879414f22af84c2b8cfbe52e08fdd87f

  • SSDEEP

    1536:99YX/XB6CXr7w484Ve4mUWv+xAR9zz+JGl7w49XgXB6iX:sPRF77P3me493nl7P9wRl

Malware Config

Extracted

Family

xtremerat

C2

z2a.no-ip.info

Targets

    • Target

      82d7d99c4fba793eb397ca6e0a8c5e35

    • Size

      668KB

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext
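The two findings above that a responder can act on are the extracted C2 host and the SetThreadContext signature. The following script is an added example, not part of the sandbox report or of any vendor tooling: it re-checks both against a constructed API trace. The report only names the API; treating the CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread sequence (process hollowing) as the reason a sandbox flags the call is this example's assumption, as are the trace format and every event line in it.

```python
"""
Added example (not from the report): re-check two of its findings against a
constructed API trace.

* "Suspicious use of SetThreadContext": the API alone is benign; the classic
  process-hollowing sequence is CreateProcess with CREATE_SUSPENDED, then
  WriteProcessMemory into the child, SetThreadContext on the child's primary
  thread, and ResumeThread. Assumption: that sequence is what the flag means.
* C2 z2a.no-ip.info from the extracted config: any lookup of that host or a
  subdomain of it is an IOC hit.

Trace format ("<pid> <Api>(k=v, ...)" per line) and all events are constructed.
"""
import re
from dataclasses import dataclass

C2_DOMAINS = {"z2a.no-ip.info"}  # from the report's extracted config
CREATE_SUSPENDED = 0x00000004    # dwCreationFlags bit

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")
ARG_RE = re.compile(r"(\w+)=([^,]+)")

# Constructed trace: pid 1234 hollows a suspended svchost.exe (pid 5678), which
# then resolves the C2; pid 4321 is a benign SetThreadContext that must not fire.
SAMPLE_TRACE = """\
1234 CreateProcessW(lpApplicationName=C:\\Windows\\SysWOW64\\svchost.exe, dwCreationFlags=0x4, dwProcessId=5678, dwThreadId=5679)
1234 NtUnmapViewOfSection(hProcess=5678)
1234 VirtualAllocEx(hProcess=5678, dwSize=0x26000)
1234 WriteProcessMemory(hProcess=5678, lpBaseAddress=0x400000, nSize=0x26000)
1234 SetThreadContext(hThread=5679)
1234 ResumeThread(hThread=5679)
5678 getaddrinfo(name=z2a.no-ip.info)
5678 connect(port=81)
4321 SetThreadContext(hThread=4322)
4321 getaddrinfo(name=time.windows.com)
"""


@dataclass
class Child:
    """A process the caller created in the suspended state."""
    parent: int
    pid: int
    tid: int
    written: bool = False
    context_set: bool = False


def parse_event(line):
    """Return (caller pid, api name, {arg: value}) or None for malformed lines."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    args = {k: v.strip() for k, v in ARG_RE.findall(m.group("args"))}
    return int(m.group("pid")), m.group("api"), args


def is_c2_lookup(name):
    """True if name is the C2 host or a subdomain of it (case-insensitive)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def analyse(trace):
    """Return a list of (alert, caller pid, detail) tuples for the trace."""
    alerts = []
    by_pid = {}  # (parent pid, child pid) -> Child
    by_tid = {}  # (parent pid, child primary tid) -> Child
    for line in trace.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        pid, api, a = ev
        if api == "CreateProcessW" and int(a.get("dwCreationFlags", "0"), 16) & CREATE_SUSPENDED:
            c = Child(pid, int(a["dwProcessId"]), int(a["dwThreadId"]))
            by_pid[(pid, c.pid)] = c
            by_tid[(pid, c.tid)] = c
        elif api == "WriteProcessMemory":
            c = by_pid.get((pid, int(a["hProcess"])))
            if c:
                c.written = True
        elif api == "SetThreadContext":
            # Only counts on a suspended child we already wrote into; a thread the
            # caller did not create that way (pid 4321 above) is ignored.
            c = by_tid.get((pid, int(a["hThread"])))
            if c and c.written:
                c.context_set = True
        elif api == "ResumeThread":
            c = by_tid.get((pid, int(a["hThread"])))
            if c and c.written and c.context_set:
                alerts.append(("process_hollowing", pid, c.pid))
        elif api in ("getaddrinfo", "gethostbyname", "DnsQuery_W") and "name" in a:
            if is_c2_lookup(a["name"]):
                alerts.append(("c2_dns", pid, a["name"]))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_TRACE):
        print(alert)
```

The sequence check is deliberately strict: a lone SetThreadContext (debuggers, some packers, the benign pid 4321 line) produces nothing, so the alert corresponds to the full write-then-redirect-then-resume pattern rather than to the API name the report lists.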

MITRE ATT&CK Enterprise v15
