General

  • Target

    8eb357b2027d8f8562c432411967d1f0

  • Size

    316KB

  • Sample

    240204-khsfyadea3

  • MD5

    8eb357b2027d8f8562c432411967d1f0

  • SHA1

    df26f4f054b055ee07bda9d009db22b0b85df845

  • SHA256

    dae55d1a80a83d50d4f9c03d2eb4e610ead081924baec736cef4d894bb7eaec9

  • SHA512

    b4326bf10d207c1bfeacc098cd710d9637af2e3e2df35b57b7bde40b83ca795d3479a9b54b0bdb8c651195b2f84f9dfb1f68b2685429d048b74955a74698e73b

  • SSDEEP

    1536:aYoUrxSEGfUWwdVPZZRRsoDJIArHcC7QRK4KtWfWMnrH91WqLkK:2Ur/GfUtZZvJNHERPffp1Wik

Malware Config

Extracted

Family

xtremerat

C2

becha.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks