General

  • Target

    8ffb95d5e237a22a2773b17e34a4c6b0

  • Size

    668KB

  • Sample

    240204-yc91pabchl

  • MD5

    8ffb95d5e237a22a2773b17e34a4c6b0

  • SHA1

    7e74c23a6d66fc6ad4d6a5397642476af48735ad

  • SHA256

    31eb4492dbdb099fae987f89fdb66fcd2a79367d6112a7f4a3ae47fdfa9e62d5

  • SHA512

    e8a3c594e6d0009ad6cfe1f7d3341dcadac3fb536c001e0490c6b5f702abf904a30efc3964f797894c1aabbe03eb310d79ebf3e436b2a80c51dcc29de7f2aca8

  • SSDEEP

    12288:+OqBS5JJ/+EkGz1lr3nxGteN4r3t8UOGz624SitfLmygYuV:/CSYE7z193Rit8UJ62BmhgjV

Malware Config

Extracted

Family

xtremerat

C2

sweetma198.no-ip.info

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks