General

  • Target

    8415fa37eb630db0d0663294a6925a58

  • Size

    526KB

  • Sample

    240131-lpjm2shde8

  • MD5

    8415fa37eb630db0d0663294a6925a58

  • SHA1

    843fcd503968de01b0a898d877500ab7ba5c1a8c

  • SHA256

    01f10db385d50b10de4916783d8e9d187af1deda13d7512f801a8e7773512ac8

  • SHA512

    06c08a16dc19c6763b547714b6c1a53379354bb7d8a6503f35cf921db48ed8e8d8912da398cdfba1dcb58ff20887383a8368444e31dadac44465dd9234fa8507

  • SSDEEP

    6144:TFYu7hnQk0AKKRuiCPM2JHqF1CyOjFy9MW7TL2EnIgK54IQzeeeL4/o:TThd3RyrJ2CyOJCpIgKKM4g

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext