General

  • Target

    a446958342327d51ee0eed7646d0f82f

  • Size

    436KB

  • Sample

    240225-t75x1aha5x

  • MD5

    a446958342327d51ee0eed7646d0f82f

  • SHA1

    b08b30e871e00583837ff142061f7522869b8bbe

  • SHA256

    bb266fe380c6e0207abf4a41bcb92916d6bf5b31fad084356269b74ef1c69a4c

  • SHA512

    bd1c23ffa817c076d847d279c428697fe0f792c94423dd40621254448844ed72a5877bb6f5269520b3e8cff78343a7e3a2cfecac03ee59ba66b84f3eae1e4229

  • SSDEEP

    12288:7jkArEN249AyE/rbaMct4bO2/VqraB3yOyz:wFE//Tct4bOssraB3yOyz

Malware Config

Extracted

Family

xtremerat

C2

123vivalgerie.no-ip.biz

ƶallgeriaa.zapto.org

getdesktoppreviewinfo|130mahdidi.zapto.org

ƶ123vivalgerie.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks