General

  • Target

    821e4c194c721f6f40b6a63b71229677

  • Size

    524KB

  • Sample

    240130-lsmtwaehcj

  • MD5

    821e4c194c721f6f40b6a63b71229677

  • SHA1

    38a1eb80a5c8f32c6bb56402e5d31b357c5f648d

  • SHA256

    b95a5e2ae5653e4de504a1d230857b40b1c251c5b832057a3f3ac67ec4cdb408

  • SHA512

    e258c243ee8ac819ae0df8c98a1b54e416a5f1387db2402e3467d6b5c5b0135c39cd15a9486413ac5139b23b0a7a0d0893111cbc492395f362ead4aef85ee4df

  • SSDEEP

    12288:UK3D4laljl9uZ9QWAx2NwX1itI8qT3ABt2tW3OKFHE4PA7n:7VVQ6x2GaI8eIR3OKtE4P

Malware Config

Extracted

Family

xtremerat

C2

keohack.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks