General

  • Target

    9127cc684082436bc91e3d3ade726bce

  • Size

    132KB

  • Sample

    240205-f4ysmadfcp

  • MD5

    9127cc684082436bc91e3d3ade726bce

  • SHA1

    3a4209ec8033ca0d643fdcb04878929198778aa2

  • SHA256

    8650ae97fd82c150b199d7dacc7f74c07a1ead1566d45f04a2a081832f0b66f7

  • SHA512

    fe6b6ff2c4af24a24158a6112049ecac95e474a691a7cadbb835333800d12761f5d8ea4ee2feed364aac8def3a6418d3ba06cdaa92c6129b2a6962e4648b0aff

  • SSDEEP

    3072:bMSncRzAOIYbmnexP37emmhzbB81Cn0/LoZv:ASncRlkn4yRN8cnIL

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
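
The registry signatures above (location check, Run key, Installed Components) can be reproduced from a Process Monitor trace of the sample. The following is an added example written for this page, not tooling from the sandbox or from the report; it runs over constructed Procmon CSV export lines, and the registry paths each rule keys on, the process name, PID, GUID and dropped-file path are all assumptions of the example rather than values taken from the report.

```python
import csv
import io
import re
from collections import namedtuple

# Constructed Process Monitor CSV export (Procmon's default columns), made up for
# this example. Process name, PID, GUID and the dropped-file path are invented;
# none of it is telemetry captured from the analysed sample.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:02.3","sample.exe","4120","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language\InstallLanguage","SUCCESS","Type: REG_SZ, Length: 10, Data: 0409"
"10:01:03.0","sample.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU","SUCCESS","Type: REG_SZ, Length: 82, Data: C:\Users\victim\AppData\Roaming\InstallDir\Server.exe"
"10:01:03.2","sample.exe","4120","RegSetValue","HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-E5F6-47A8-9B0C-D1E2F3A4B5C6}\StubPath","SUCCESS","Type: REG_SZ, Length: 82, Data: C:\Users\victim\AppData\Roaming\InstallDir\Server.exe"
"10:01:04.0","explorer.exe","1588","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
'''

# Signature name -> (Procmon operations that trigger it, path pattern).
# The registry locations are an assumption of this example (the keys such
# signatures commonly watch); the report does not state which paths it checked.
# Reads count for the geofence check, only writes count for persistence.
RULES = {
    "Checks computer location settings": (
        {"RegQueryValue"},
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$"
                   r"|\\Control\\Nls\\Language\\", re.I),
    ),
    "Adds Run key to start application": (
        {"RegSetValue"},
        re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I),
    ),
    "Modifies Installed Components in the registry": (
        {"RegSetValue"},
        re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\"
                   r"\{[0-9A-F-]+\}\\StubPath$", re.I),
    ),
}

# Procmon puts the written/read value at the end of the Detail column.
DATA_RE = re.compile(r"Data: (.+)$")

Hit = namedtuple("Hit", "signature process pid path data")


def classify(csv_text):
    """Run every rule over each Procmon row; return the matching rows as Hits."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for name, (ops, pattern) in RULES.items():
            if row["Operation"] in ops and pattern.search(row["Path"]):
                m = DATA_RE.search(row["Detail"])
                hits.append(Hit(name, row["Process Name"], int(row["PID"]),
                                row["Path"], m.group(1) if m else None))
    return hits


def persistence_targets(hits):
    """Binaries arranged to launch at logon: the data written into Run and
    Installed Components values. These are the files to pull from disk next."""
    return sorted({h.data for h in hits
                   if h.signature != "Checks computer location settings" and h.data})


if __name__ == "__main__":
    found = classify(SAMPLE_CSV)
    for h in found:
        print(f"{h.signature}: {h.process}[{h.pid}] {h.path} -> {h.data}")
    print("persistence targets:", persistence_targets(SAMPLE_CSV and found))
```

Run it against a real trace by exporting Procmon's registry events to CSV and passing the file contents to classify(); the explorer.exe row is there to show that an unrelated RegSetValue under CurrentVersion does not trip the Run rule.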

MITRE ATT&CK Enterprise v15

Tasks