General

  • Target

    901eee3151a59fcb371060f82545abe2

  • Size

    113KB

  • Sample

    240204-zl2w4scdfq

  • MD5

    901eee3151a59fcb371060f82545abe2

  • SHA1

    43ab2f2222ce9929b628f694e6da4eac7d9e005f

  • SHA256

    4c78c560cab7fb4b74e95765487a86becffc86766f9d49c460b4ad5f6d3ac366

  • SHA512

    386b74fb383751c1a55ae2baecd0046fd53f31af4269e1432222184140d007432cb2ab2bef29e0e60a11f7b3ab5b858595baf4710e00c6dbc81c061b5b160e46

  • SSDEEP

    1536:8C5p7b0RGwWtTYGUFwMeAur6vcOAFpRJNF+75DUSvHgMpvP5D9xOPcJS7:8Ido8tEMF+ErFnJkUmAMVRccJS7

Malware Config

Extracted

Family

xtremerat

C2

x0n1rlz.no-ip.biz

Targets

    • Target

      901eee3151a59fcb371060f82545abe2

    • Size

      113KB

    • MD5

      901eee3151a59fcb371060f82545abe2

    • SHA1

      43ab2f2222ce9929b628f694e6da4eac7d9e005f

    • SHA256

      4c78c560cab7fb4b74e95765487a86becffc86766f9d49c460b4ad5f6d3ac366

    • SHA512

      386b74fb383751c1a55ae2baecd0046fd53f31af4269e1432222184140d007432cb2ab2bef29e0e60a11f7b3ab5b858595baf4710e00c6dbc81c061b5b160e46

    • SSDEEP

      1536:8C5p7b0RGwWtTYGUFwMeAur6vcOAFpRJNF+75DUSvHgMpvP5D9xOPcJS7:8Ido8tEMF+ErFnJkUmAMVRccJS7

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks