General

  • Target

    9046f5b04eb364799ad349a6bb448f39

  • Size

    71KB

  • Sample

    240204-11fg4adgfk

  • MD5

    9046f5b04eb364799ad349a6bb448f39

  • SHA1

    8c87fc5d92592e81aab7f2d90295f6be444f9c88

  • SHA256

    97812441db77dfffa5933c69be126f7a456d5f28c453ff9f01e987b91469968d

  • SHA512

    9eceedc689692c71b6a14af82ec0e806d991c4dd3db63d4cbc0e6796589bebfa7515c7a37f6d1837527b30eb73cb1e4dda973fe4f2bd74488fee687b06a5d630

  • SSDEEP

    1536:9Tyu7Y6MqJjT0Nekm+OEcR1idVwCHupGVeOQg52e+lTFzy:8CY8TcekmTR1iwCHOiU5

Malware Config

Extracted

Family

xtremerat

C2

2011.no-ip.biz

bad.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • Modifies firewall policy service

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks