General

  • Target

    8d9d1e8bc4dc527d44bedcd8ac7c16a6

  • Size

    796KB

  • Sample

    240203-28xxsaeeam

  • MD5

    8d9d1e8bc4dc527d44bedcd8ac7c16a6

  • SHA1

    0a2fd33daab48eb130c1363178c2ad5e2b6d0a1d

  • SHA256

    eea3b797f4d9001954be563a1998ee34bb29781acf47abe76a6810c9203b1890

  • SHA512

    1a95b022dccf88b00eea058d053e9d3294bc560bf5c5bf8d91fa8887e9779bdf9caa2f4b0609eb168514ab563803b83b6bea2d453daddedca8715d34570378e5

  • SSDEEP

    3072:LjGV0FxQor6uW6jQq2b8sZpP7j8JfeT3Ep+7mh5RfrWjT+qbeCuqK:LiVCxQorM6jv2YsZpP8JfedChjr6Nu

Malware Config

Extracted

Family

xtremerat

C2

123boof.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext
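
The "Suspicious use of SetThreadContext" signature fires on the API most commonly used to redirect the entry point of a suspended child process (process hollowing / thread hijacking). The following is an added example, not part of the sandbox report and not the sandbox's own detection logic: it runs a hollowing heuristic over a constructed API trace whose line format (`<pid> <api> key=value ...`) and process/thread IDs are hypothetical. It flags a child only when the same parent creates it with CREATE_SUSPENDED, writes into its memory, calls SetThreadContext on one of its threads and then resumes that thread; a lone SetThreadContext on the caller's own thread (a legitimate debugger or exception-handling pattern) is not flagged.

```python
"""Heuristic for the "Suspicious use of SetThreadContext" signature.

Added example, not from the sandbox report. The trace format below is
constructed for illustration; real sandbox API traces differ.

Sequence checked (classic process hollowing / thread hijacking):
  CreateProcessW(..., CREATE_SUSPENDED)  -> child pid P
  WriteProcessMemory(P, ...)             -> payload written into P
  SetThreadContext(thread of P)          -> entry point redirected
  ResumeThread(thread of P)              -> hollowed process runs
"""
from dataclasses import dataclass, field
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit (documented Win32 value)

# Constructed sample trace, hypothetical format: "<pid> <api> key=value ...".
SAMPLE_TRACE = """\
1200 CreateProcessW image=C:\\Windows\\System32\\svchost.exe flags=0x00000004 child_pid=1300 child_tid=1304
1200 VirtualAllocEx pid=1300 size=0x7000 protect=0x40
1200 WriteProcessMemory pid=1300 addr=0x400000 size=0x7000
1200 SetThreadContext tid=1304
1200 ResumeThread tid=1304
1500 CreateProcessW image=C:\\Windows\\notepad.exe flags=0x00000000 child_pid=1600 child_tid=1604
1500 WriteProcessMemory pid=1600 addr=0x10000 size=0x100
2000 GetThreadContext tid=2004
2000 SetThreadContext tid=2004
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class ChildState:
    """What the parent has done so far to one child process."""
    parent: int
    suspended: bool
    tids: set = field(default_factory=set)
    wrote_memory: bool = False
    set_context: bool = False
    resumed: bool = False

    def hollowing_complete(self) -> bool:
        return self.suspended and self.wrote_memory and self.set_context and self.resumed


def parse_line(line: str):
    """Split one trace line into (caller pid, api name, {key: value}); None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kv = dict(KV_RE.findall(m.group("rest")))
    return int(m.group("pid")), m.group("api"), kv


def detect_hollowing(trace: str) -> dict:
    """Return {child_pid: parent_pid} for every child that went through the full
    suspended-create / write / SetThreadContext / resume sequence by the same parent."""
    children = {}       # child pid -> ChildState
    tid_to_child = {}   # thread id -> child pid that owns it
    for line in trace.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        pid, api, kv = parsed
        if api == "CreateProcessW":
            child = int(kv["child_pid"])
            flags = int(kv.get("flags", "0"), 16)
            children[child] = ChildState(parent=pid, suspended=bool(flags & CREATE_SUSPENDED))
            if "child_tid" in kv:
                tid = int(kv["child_tid"])
                children[child].tids.add(tid)
                tid_to_child[tid] = child
        elif api == "WriteProcessMemory":
            target = int(kv["pid"])
            if target in children and children[target].parent == pid:
                children[target].wrote_memory = True
        elif api in ("SetThreadContext", "ResumeThread"):
            # Only threads belonging to a child this caller created are interesting.
            child = tid_to_child.get(int(kv["tid"]))
            if child is not None and children[child].parent == pid:
                if api == "SetThreadContext":
                    children[child].set_context = True
                else:
                    children[child].resumed = True
    return {c: s.parent for c, s in children.items() if s.hollowing_complete()}


if __name__ == "__main__":
    for child, parent in detect_hollowing(SAMPLE_TRACE).items():
        print(f"process hollowing: pid {parent} injected into suspended child {child}")
```

Requiring the whole sequence from a single parent keeps the rule quiet on debuggers and on processes that set context on their own threads; a real sandbox signature would also check that the written region overlaps the image base or the new EIP/RIP recorded in the CONTEXT structure, which this constructed trace does not carry.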

MITRE ATT&CK Enterprise v15

Tasks