General

  • Target

    82806700a05b5b9feece3621fc61d855

  • Size

    68KB

  • Sample

    240130-vsmzbabdfk

  • MD5

    82806700a05b5b9feece3621fc61d855

  • SHA1

    9dfcc6dfd64c4246a2758f6973aac740da53f92d

  • SHA256

    4bfc4c6c5e4ea43dcdef252569954f0b2e7d40f6d4f6790b3fb3cea554ce1945

  • SHA512

    19350e21fbcf69eb67f348b2d58ad1f88a68522540b913e2297766c08020bbfdd75daa0037c90f4b75771a7f6f5f5e1481253eb22de0abed98b5c149e886d026

  • SSDEEP

    1536:hKMTA+8EZIydsU9Zr42nmqOPA2Z4r/ozJNgiGMsAK3:hK+IYH4jqOPLGevgVMsX3

Malware Config

Extracted

Family

xtremerat

C2

altagoor.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks