General

  • Target

    840d4c2cd9b991ea7898459003848c84

  • Size

    134KB

  • Sample

    240131-ldrjhsaghp

  • MD5

    840d4c2cd9b991ea7898459003848c84

  • SHA1

    46fa02b7a696b66a0d903f1d4643c8c05bd2dc73

  • SHA256

    910e82aa76f384acecc91792b27684ae5b58e597302577b9c3ba3accb376c73f

  • SHA512

    42faaf52d6e54d98c772d9abb1d5c0dae04618357586a300fc7e7123dd8898ac85227e6692fff2bce97bed5381772948e0ad674e00e210c2bf936a96a37aaa4e

  • SSDEEP

    3072:50gWxxNVc+F4Uu804+wk0kVrrJtdlTNsnBB:50ZBFHu87+30kNdfsBB

Malware Config

Extracted

Family

xtremerat

C2

sanfou25.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks