General

  • Target: 84e5cf1efe8fe07b8f5e19219dc0484f
  • Size: 227KB
  • Sample: 240131-tz6vbsgeg6
  • MD5: 84e5cf1efe8fe07b8f5e19219dc0484f
  • SHA1: 8c79593e9b0be8c6c74bb24f57d3bf7e6f110a5d
  • SHA256: f2171eb813e4df5d0b69787db7522b419210156f79ab844593c23db9e0e26569
  • SHA512: 81bc74c162aeed344b516e26abd20d75cedd78868bc9b450fd14edcb54868e566429296d85957dad4986b3fe178961b9e4cbf1f46ac9a3a63890f13fbed10d6c
  • SSDEEP: 3072:pGh07HKaA9MeB8gc5l/XTxG1tdkLOeq3Yw3cECf4B3Pu60rReZcymfgpSixpr9DQ:+aA9xq5pXdGPyLODsEDRPRYeWy/SiVc

Malware Config

Extracted

  • Family: xtremerat
  • C2: alfirdaws.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Maps connected drives based on registry

      Disk and drive information is often read to detect sandbox environments, which typically expose few or unusual drives.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
