General

  • Target

    848d70a1a511b508aa9c8f17f11fe5b8

  • Size

    310KB

  • Sample

    240131-qvxt3sdbh5

  • MD5

    848d70a1a511b508aa9c8f17f11fe5b8

  • SHA1

    a404f351f36f252c9d317379a0ddef80246011ab

  • SHA256

    9e062a277338fa22a89096a2b3a3e83aff243a2ce2b61ce030a00eba80e5f321

  • SHA512

    bfde8841732e21060a61907d0430ee738896a3602f9b1b81e198642f7bf2b488cff0a89f688cefb980f96669917801fb73efeece361442f568ea59267c04d667

  • SSDEEP

    6144:jyGr6QR1CLXxM6s3Ty/gfntbmFwAZlP6qlfpz:mq6QR1Ww3Ty+cZlPP
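
The identifier block above is the part of a sandbox report that gets copied into blocklists and hunting rules, so it is worth parsing and sanity-checking it mechanically rather than by eye. The following is an added example, not code from the page or from the sandbox vendor: it parses the bullet/value layout used on this page, validates that each digest has the length and alphabet it should (a common copy-paste failure is a truncated SHA256), and emits a hash-match YARA rule. The report text embedded in the block is copied from the page; the rule name `xtremerat_sample` is an assumption.

```python
import re

# Report excerpt copied from the page above, in the "bullet / blank / value"
# layout the sandbox page uses.
REPORT = """\
General

  • Target

    848d70a1a511b508aa9c8f17f11fe5b8

  • Size

    310KB

  • Sample

    240131-qvxt3sdbh5

  • MD5

    848d70a1a511b508aa9c8f17f11fe5b8

  • SHA1

    a404f351f36f252c9d317379a0ddef80246011ab

  • SHA256

    9e062a277338fa22a89096a2b3a3e83aff243a2ce2b61ce030a00eba80e5f321

  • SHA512

    bfde8841732e21060a61907d0430ee738896a3602f9b1b81e198642f7bf2b488cff0a89f688cefb980f96669917801fb73efeece361442f568ea59267c04d667

  • SSDEEP

    6144:jyGr6QR1CLXxM6s3Ty/gfntbmFwAZlP6qlfpz:mq6QR1Ww3Ty+cZlPP
"""

# Expected hex-digit length of each digest type.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")
# ssdeep output is blocksize:chunk:double-chunk, base64 alphabet in the chunks.
SSDEEP_RE = re.compile(r"^\d+:[A-Za-z0-9+/]+:[A-Za-z0-9+/]+$")


def parse_report(text):
    """Return {field: value} from the bullet/value listing.

    A line starting with the bullet names the field; the next non-blank
    line is its value. Only the first occurrence of a field is kept.
    """
    fields = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = line.lstrip("•").strip()
            continue
        if current is not None and current not in fields:
            fields[current] = line
        current = None  # value consumed (or stray heading text ignored)
    return fields


def validate_iocs(fields):
    """Return a list of problems; an empty list means every IOC is well-formed."""
    problems = []
    for name, length in HASH_LENGTHS.items():
        value = fields.get(name)
        if value is None:
            problems.append(f"{name} missing")
        elif len(value) != length or not HEX_RE.match(value):
            problems.append(f"{name} malformed: {value!r}")
    ssdeep = fields.get("SSDEEP")
    if ssdeep is None or not SSDEEP_RE.match(ssdeep):
        problems.append(f"SSDEEP malformed: {ssdeep!r}")
    return problems


def yara_hash_rule(fields, name="xtremerat_sample"):
    """Emit a YARA rule (hash module) that matches the reported SHA256 exactly."""
    sha256 = fields["SHA256"]
    return (
        'import "hash"\n\n'
        f"rule {name}\n{{\n"
        "    meta:\n"
        f'        md5 = "{fields["MD5"]}"\n'
        f'        sha256 = "{sha256}"\n'
        "    condition:\n"
        f'        hash.sha256(0, filesize) == "{sha256}"\n'
        "}\n"
    )


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print(validate_iocs(iocs) or "all IOCs well-formed")
    print(yara_hash_rule(iocs))
```

Exact-hash rules like this only catch this one file; the SSDEEP value is the field to use if you want to catch repacked or slightly modified builds, by comparing it with `ssdeep -m` or `ssdeep.compare()` against files from your own collection.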

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Typically seen when the entry point of a suspended (often dropped) process is redirected, as in process hollowing or other code injection.

MITRE ATT&CK Enterprise v15

Tasks