General

  • Target

    9148a68cc64a0ba3c0a541f666526b90

  • Size

    248KB

  • Sample

    240205-hbdm4aegbj

  • MD5

    9148a68cc64a0ba3c0a541f666526b90

  • SHA1

    adeb03e2d2faa2522d404dcf23edc02c2b0e9e1b

  • SHA256

    ff6370d7ca311c96c4f4a45e899ad86ad520a7039c94051438830888faeaba9a

  • SHA512

    09f7cd502138973546c55564b212437924518640a41940b5444cc5b9d34e6bb3e530b43de4e382f70a0d707bcbedecd54593a4e683143f967cbbc1e82518bbec

  • SSDEEP

    6144:ULPILXqdScn3bpDGs8BcMMeU2kMlm4q4AgCNWLIwoJQF9VJ:ULPnVndvmxnUz4AgSCIUn3

Malware Config

Extracted

Family

xtremerat

C2

wer99.no-ip.org

Targets

    • Target

      9148a68cc64a0ba3c0a541f666526b90

    • Size

      248KB

    • MD5

      9148a68cc64a0ba3c0a541f666526b90

    • SHA1

      adeb03e2d2faa2522d404dcf23edc02c2b0e9e1b

    • SHA256

      ff6370d7ca311c96c4f4a45e899ad86ad520a7039c94051438830888faeaba9a

    • SHA512

      09f7cd502138973546c55564b212437924518640a41940b5444cc5b9d34e6bb3e530b43de4e382f70a0d707bcbedecd54593a4e683143f967cbbc1e82518bbec

    • SSDEEP

      6144:ULPILXqdScn3bpDGs8BcMMeU2kMlm4q4AgCNWLIwoJQF9VJ:ULPnVndvmxnUz4AgSCIUn3

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
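The report gives two kinds of indicators: exact hashes for the dropped sample and behavioural signatures (a Run key, an Installed Components entry, and a no-ip C2 domain). The following script, an added example that is not part of the sandbox report or of XtremeRAT, shows how an analyst would use both: it compares a file's digests against the report's values and tags Sysmon-style registry and DNS events that match the report's persistence and C2 behaviour. It assumes Sysmon event IDs 12/13 (registry) and 22 (DNS query) with their standard field names, and reads "Modifies Installed Components" as the Active Setup key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components; the sample events are constructed, and the image paths and value names in them are illustrative only.

```python
"""Triage helper for the XtremeRAT report above (added example, not the
report's or the malware's own code): hash check plus behaviour tagging."""
import hashlib
import re

# Hashes and C2 copied from the report above.
REPORT_HASHES = {
    "md5": "9148a68cc64a0ba3c0a541f666526b90",
    "sha1": "adeb03e2d2faa2522d404dcf23edc02c2b0e9e1b",
    "sha256": "ff6370d7ca311c96c4f4a45e899ad86ad520a7039c94051438830888faeaba9a",
    "sha512": "09f7cd502138973546c55564b212437924518640a41940b5444cc5b9d34e6bb3e"
              "530b43de4e382f70a0d707bcbedecd54593a4e683143f967cbbc1e82518bbec",
}
C2_DOMAINS = {"wer99.no-ip.org"}

# Registry paths behind the report's two persistence signatures. Assumption:
# "Installed Components" means the Active Setup key (StubPath runs per user logon).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
ACTIVE_SETUP_RE = re.compile(
    r"\\Microsoft\\Active Setup\\Installed Components\\[^\\]+\\StubPath$",
    re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Return the same four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> set:
    """Names of the algorithms whose digest of `data` equals the report's value."""
    digests = hash_bytes(data)
    return {algo for algo, value in REPORT_HASHES.items() if digests[algo] == value}


def classify_event(event: dict) -> list:
    """Tag one Sysmon-style event dict (EventID, TargetObject, QueryName)."""
    tags = []
    if event.get("EventID") in (12, 13):  # registry object created / value set
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            tags.append("run_key_persistence")
        if ACTIVE_SETUP_RE.search(target):
            tags.append("active_setup_persistence")
    elif event.get("EventID") == 22:  # DNS query
        qname = event.get("QueryName", "").rstrip(".").lower()
        if qname in C2_DOMAINS:
            tags.append("c2_dns")
    return tags


def scan_events(events) -> list:
    """Return (index, tags) for every event that triggers at least one tag."""
    hits = []
    for i, ev in enumerate(events):
        tags = classify_event(ev)
        if tags:
            hits.append((i, tags))
    return hits


# Constructed sample events (not captured from the sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Roaming\\server.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows"
                     "\\CurrentVersion\\Run\\HKCU"},
    {"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Roaming\\server.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Active Setup"
                     "\\Installed Components\\{GUID}\\StubPath"},
    {"EventID": 22, "Image": "C:\\Windows\\explorer.exe",
     "QueryName": "wer99.no-ip.org"},
    {"EventID": 22, "Image": "C:\\Windows\\explorer.exe",
     "QueryName": "www.microsoft.com"},
    {"EventID": 13, "Image": "C:\\Program Files\\App\\setup.exe",
     "TargetObject": "HKLM\\SOFTWARE\\App\\Settings\\Path"},
]

if __name__ == "__main__":
    for idx, tags in scan_events(SAMPLE_EVENTS):
        print(idx, tags, SAMPLE_EVENTS[idx].get("Image"))
    with open(__file__, "rb") as fh:  # any file; replace with the sample path
        print("report hash matches:", matches_report(fh.read()) or "none")
```

The hash side is exact-match only; fuzzy matching on the report's SSDEEP value needs the ssdeep library and is deliberately left out. The registry patterns are the tripwires for the two persistence signatures; the SetThreadContext signature (typical of process hollowing) is a process-level behaviour that registry and DNS events do not capture, so it is not covered here.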

MITRE ATT&CK Enterprise v15