General

  • Target

    a2d9a6c78101d836f450861bfbd012f1

  • Size

    243KB

  • Sample

    240224-17vklaff99

  • MD5

    a2d9a6c78101d836f450861bfbd012f1

  • SHA1

    13c80ec185952332f50ed2d241dd9cb4fe5b455c

  • SHA256

    af641e6b1b8097472d553c1ae807f5fc6d87dbd1533b3a3ed5f00c8e48c610bc

  • SHA512

    e8ba32a8e4583bdf7e95b2b22a16d8b2303e98401200c7c7aca3df47a5996f1cb9d0800946fc6a308e2a1eb0816fa7a21bdb71b5ef63eb13bef7143e1d765e90

  • SSDEEP

    3072:XFd2Afoka0uMMGYmKlMCJ+UrxkCkK9a7+Z3wCYdj8vK1HDvhk1eSkDyfCnewUmGX:1jQwuYKs7M3jvEu1nkaCneT3NmEQC

Malware Config

Extracted

Family

xtremerat

C2

umtakcicek.dyndns.org

ࠁ谀umtakcicek.dyndns.org

Targets

    • Target

      a2d9a6c78101d836f450861bfbd012f1

    • Size

      243KB

    • MD5

      a2d9a6c78101d836f450861bfbd012f1

    • SHA1

      13c80ec185952332f50ed2d241dd9cb4fe5b455c

    • SHA256

      af641e6b1b8097472d553c1ae807f5fc6d87dbd1533b3a3ed5f00c8e48c610bc

    • SHA512

      e8ba32a8e4583bdf7e95b2b22a16d8b2303e98401200c7c7aca3df47a5996f1cb9d0800946fc6a308e2a1eb0816fa7a21bdb71b5ef63eb13bef7143e1d765e90

    • SSDEEP

      3072:XFd2Afoka0uMMGYmKlMCJ+UrxkCkK9a7+Z3wCYdj8vK1HDvhk1eSkDyfCnewUmGX:1jQwuYKs7M3jvEu1nkaCneT3NmEQC

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks