General

  • Target

    90636e2071ba6ac5f88528c55e655ca8

  • Size

    354KB

  • Sample

    240204-21a32schc8

  • MD5

    90636e2071ba6ac5f88528c55e655ca8

  • SHA1

    32b50e2449f4ed6b1326f359d272b3ed69bd4689

  • SHA256

    f8c294711ca0535b5301f56a977d651d54189eca90c5cc83a26cb4270124443f

  • SHA512

    0c8c61bff11c185c8345974f6ed37a0bbe133df2b7ce0c2adf3e1cb9a15f6721fc4b259ac5f667fb7b42fa4dbdfc5e99d6de64636c70c099c3e88864d47a3f4e

  • SSDEEP

    6144:thBepH41+m7vv47B32CEIsUozZ3bR4OD8yjJe6b+78x5mJBID791PD20/MV70xXe:eH4177vv4mIsUo9RDlk6KwbmXIFl1/gh

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    kaan1993.zapto.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
