General

  • Target

    9001af564039f77fda1d890153a599e2

  • Size

    80KB

  • Sample

    240204-ykdbpabefn

  • MD5

    9001af564039f77fda1d890153a599e2

  • SHA1

    78d43a65f42a265c588fe7f0c65a5a73c6a05464

  • SHA256

    ff2d3ac7d2f768dc94554df7a40a1d2f8ee8e1d0843a14de573c275d3ab40de6

  • SHA512

    98bde20452ded3afea98a5109e52838acc391d856f124fa02116910202ae6cc1e0048946b209847effc4bd9ba9ff1e8e63abdfeccdd1b09fad2fdd6a2bea4999

  • SSDEEP

    768:u4egZtpjuTZsy8RXLbUKFHzoxBGEe5q1popcPna:zYd58RXLbUcToxBAWpopS

Malware Config

Targets

    • Target

      9001af564039f77fda1d890153a599e2

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks