Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2024 08:08

General

  • Target

    8bd4640d8fb6f9fae84cb0e000ead681.exe

  • Size

    65KB

  • MD5

    8bd4640d8fb6f9fae84cb0e000ead681

  • SHA1

    81c189adbece5ca5a7805d0f053fe395d0646659

  • SHA256

    25c73df8c66bd861dfa9022b40b287e325d4ba3ff3c130e5f115e2376b29a83c

  • SHA512

    29a79d98c6fcb75e97f06b0cb94c48ecdb3596f83d196eabdd8f583d69565921ceb907ce5e80439a93db0f01f5d0e246396b4711dca5ab1fe3da7e10e524a8b8

  • SSDEEP

    768:E9m1Sq4NQNLBGH1vcz0wDeeQuMVTyN8ihHo37Vmd6AeXVtWAW7A+7yoNwqXSAHUp:lsq+QI6ZQuIyJh0mgA+FW0gNwEi

Malware Config

Signatures

  • Detect XtremeRAT payload 6 IoCs
  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\8bd4640d8fb6f9fae84cb0e000ead681.exe
    "C:\Users\Admin\AppData\Local\Temp\8bd4640d8fb6f9fae84cb0e000ead681.exe"
    1⤵
      PID:2772

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2772-0-0x0000000010000000-0x0000000010048000-memory.dmp

      Filesize

      288KB

    • memory/2772-1-0x0000000010000000-0x0000000010048000-memory.dmp

      Filesize

      288KB

    • memory/2772-2-0x0000000010000000-0x0000000010048000-memory.dmp

      Filesize

      288KB

    • memory/2772-3-0x0000000010000000-0x0000000010048000-memory.dmp

      Filesize

      288KB

    • memory/2772-4-0x0000000010000000-0x0000000010048000-memory.dmp

      Filesize

      288KB

    • memory/2772-8-0x0000000010000000-0x0000000010048000-memory.dmp

      Filesize

      288KB