General

  • Target

    8db6aaad907f51e4a772320bbe0ac0b3

  • Size

    188KB

  • Sample

    240204-acn68acha9

  • MD5

    8db6aaad907f51e4a772320bbe0ac0b3

  • SHA1

    cbf9de9973f8e52c5d000c2afe2d6b91b6192891

  • SHA256

    2f47ca298551bdf28d51739682701a989de4836223e8c4e6896f6a2a75bc5736

  • SHA512

    c3428550d2edcdc0d365fe91e62bf1908e1909839610dbfc1ed60a434b5a82e6df6030eedd158cf09338aa4de6eeee3a05f5c73778b12453e354e41f185eba06

  • SSDEEP

    3072:LcY2MnUstI5Ag7O40TqzMwvmjw5emJYSu+RvNgCg5uWKsu7J6hsb:Lv2mt+/7OdThwus5emGSc5uxsu7J6C

Malware Config

Extracted

Family

xtremerat

C2

hackerbnc.no-ip.biz

Targets

    • Target

      8db6aaad907f51e4a772320bbe0ac0b3

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified UPX build.

    • Suspicious use of SetThreadContext
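
The indicators above (file hashes, the C2 hostname, and the UPX signature) are what an analyst usually turns into triage and hunting logic. The following Python script is an added example and is not part of the sandbox report or of the XtremeRAT sample: it hashes file contents and compares them with the report's digests, checks for UPX section names by parsing the PE section table with the standard library only, and scans DNS log lines for lookups of the C2 host or any subdomain of it. The minimal PE header and the DNS log lines it runs on are constructed for the demo; the UPX check is a heuristic keyed on the section names UPX0/UPX1/UPX2, which a modified UPX build can rename, so a negative result does not prove a file is unpacked.

```python
import hashlib
import struct

# Indicators copied from the report above. The sample itself is not available
# offline, so the demo runs against constructed data.
REPORT_HASHES = {
    "md5": "8db6aaad907f51e4a772320bbe0ac0b3",
    "sha1": "cbf9de9973f8e52c5d000c2afe2d6b91b6192891",
    "sha256": "2f47ca298551bdf28d51739682701a989de4836223e8c4e6896f6a2a75bc5736",
    "sha512": "c3428550d2edcdc0d365fe91e62bf1908e1909839610dbfc1ed60a434b5a82e6df6030eedd158cf09338aa4de6eeee3a05f5c73778b12453e354e41f185eba06",
}
C2_DOMAIN = "hackerbnc.no-ip.biz"


def hash_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of data, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """True only if every digest equals the report's value; one mismatch means a different file."""
    return hash_bytes(data) == REPORT_HASHES


def pe_section_names(data):
    """Read section names from a PE section table using only the standard library.

    Returns [] for non-PE input or a truncated header instead of raising, so it
    is safe to run over arbitrary files during triage.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                     # IMAGE_FILE_HEADER follows the signature
    if len(data) < coff + 20:
        return []
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size            # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:
            break                           # truncated table: return what was parsed
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Heuristic for the 'UPX packed file' signature: stock UPX names sections UPX0/UPX1/UPX2.
    A modified UPX build may rename them, so False does not prove the file is unpacked."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))


def find_c2_lookups(log_lines, domain=C2_DOMAIN):
    """Return log lines containing a lookup of the C2 host or any subdomain of it."""
    hits = []
    for line in log_lines:
        for token in line.lower().split():
            token = token.strip(".")        # tolerate a trailing FQDN dot
            if token == domain or token.endswith("." + domain):
                hits.append(line)
                break
    return hits


def build_fake_pe(section_names):
    """Constructed minimal PE header (DOS stub, signature, COFF header, section table); no code."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii").ljust(8, b"\0"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for n in section_names
    )
    return dos + b"PE\0\0" + coff + table


# Constructed DNS log lines for the demo (not taken from the sandbox run).
SAMPLE_DNS_LOG = [
    "2024-02-04T09:41:03Z ws17 query A hackerbnc.no-ip.biz",
    "2024-02-04T09:41:05Z ws17 query A www.example.com",
    "2024-02-04T09:42:11Z ws22 query A HACKERBNC.NO-IP.BIZ.",
    "2024-02-04T09:43:00Z ws09 query A nothackerbnc.no-ip.biz",
]

if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("matches report:", matches_report(packed))
    for hit in find_c2_lookups(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
```

Replace the constructed header with the bytes of a real sample to use `matches_report` and `looks_upx_packed` on it; the hash comparison requires all four digests to agree, so a file that shares only the MD5 with the report is still reported as a different file.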

MITRE ATT&CK Enterprise v15

Tasks