General

  • Target

    82335f2881f850553794c60718e8f32d

  • Size

    304KB

  • Sample

    240130-mhlz9seba8

  • MD5

    82335f2881f850553794c60718e8f32d

  • SHA1

    696c6fab45655353983b8fdae611b04c84ef1a9e

  • SHA256

    fbdd6e4ad9a6617704f0c3c126a838131da0708a9e2cb3c0ab0a421206231ccc

  • SHA512

    a9e54002d12055c14d36104abef2f92e6a103045adcb1f0b1c391c98032ed80c0eed18a04dc88be0bb73d57233f578570d686df0f31f556b8b493b747ad4967b

  • SSDEEP

    6144:c3vHCbhVoEylpWGo4K0mOnb6hNd0ZVm/:cKdVBylU0MN

Malware Config

Targets

    • Target

      82335f2881f850553794c60718e8f32d

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • Deletes itself

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks