Resubmissions

04-02-2024 14:05

240204-rdxy7abde9 10

04-02-2024 14:01

240204-rbpvssbdb4 10

General

  • Target

    8f5469a91c469a777b1aa61b3fff945b

  • Size

    33KB

  • Sample

    240204-rdxy7abde9

  • MD5

    8f5469a91c469a777b1aa61b3fff945b

  • SHA1

    f114756cd989c03c0e91840e9b984320165755a2

  • SHA256

    ebae9ede81d32c6bcf3af11e09e7bafe00a4dc66a48f3354a84ec117d6f4979e

  • SHA512

    8ae6cf009922e12647570d33ac43d3cb017e5b1aa20aeac1eabd27337d710e06ccda6ade926545cb2f4de2cb67126c502b780d50a1de4c0509dfe930e58a8109

  • SSDEEP

    768:VMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66l+zIAO9gd0tD:eNW71rcYDAWeotvXl+/S

Malware Config

Extracted

Family

xtremerat

C2

l7n-alrhel.no-ip.biz

Targets

    • Target

      8f5469a91c469a777b1aa61b3fff945b

    • Size

      33KB

    • MD5

      8f5469a91c469a777b1aa61b3fff945b

    • SHA1

      f114756cd989c03c0e91840e9b984320165755a2

    • SHA256

      ebae9ede81d32c6bcf3af11e09e7bafe00a4dc66a48f3354a84ec117d6f4979e

    • SHA512

      8ae6cf009922e12647570d33ac43d3cb017e5b1aa20aeac1eabd27337d710e06ccda6ade926545cb2f4de2cb67126c502b780d50a1de4c0509dfe930e58a8109

    • SSDEEP

      768:VMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66l+zIAO9gd0tD:eNW71rcYDAWeotvXl+/S

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks