General

  • Target: 8ec82ca83b465f1833f5df5a16bcdc4f
  • Size: 81KB
  • Sample: 240204-k99vasgdcj
  • MD5: 8ec82ca83b465f1833f5df5a16bcdc4f
  • SHA1: 047be141ec6fd5f150b1bd015b437e3a683607d8
  • SHA256: 24c71817c6727812a252651685ae359cd67cd59b32ba2500012d66680652211b
  • SHA512: b859d853895fe82a251e865f2b8477ed6204f2cec94f4430729fe929dedd9ad2dc0db4f5aa5c873a04705e9272b41b99ec5642c90064aeb7199c92f05ac92dc1
  • SSDEEP: 768:rBr+tjFqTPkAlfztB1lr6an3smTA8uvm26rzocCEeU2FMQB9Yl:FyRUHlrL1lr6an3TLuvm26vocf6MQBa

Malware Config

Extracted

  • Family: xtremerat
  • C2: 用尰rivalvoy.no-ip.org

Targets

    • Target: 8ec82ca83b465f1833f5df5a16bcdc4f (size and hashes as listed under General)

    • Detect XtremeRAT payload
    • XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
    • Modifies Installed Components in the registry
    • UPX packed file: Detects executables packed with the UPX open source packer or a modified variant of it.
    • Adds Run key to start application
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15