General

  • Target

    834f7ce0d80f71d0fcfbe09862151b23

  • Size

    227KB

  • Sample

    240131-dws63aaff6

  • MD5

    834f7ce0d80f71d0fcfbe09862151b23

  • SHA1

    632adebc9db71f9114abad45328538f8a28f0162

  • SHA256

    7f55d17b76f302e07edbc21096fcf218713b9ad06be597862a17a79ab288b583

  • SHA512

    199b3eaa642a2a4a3ab4caa98891d5f0e69e06eaaf8c2dfa7dcda1b9dda7e57d4fb1a0696d3d68d75b6dc3b103ecd4496f8def34c260701fb33562ee1af3080e

  • SSDEEP

    6144:h+sgruDIqjEmKpmFJ5eQzG6gjvkZMPu1ZcOFtym:NMuZba+QDjsZMVOFtym

Malware Config

Extracted

Family

xtremerat

C2

hackerbnc.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • UAC bypass

    • Windows security bypass

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of UPX.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks