General

  • Target

    a48ebd7bd4de2fe722345c6ca8d3f489

  • Size

    452KB

  • Sample

    240225-zjfk4acd7y

  • MD5

    a48ebd7bd4de2fe722345c6ca8d3f489

  • SHA1

    8a04b235efab8ab4bb0274c311a9e165e69dcb1e

  • SHA256

    000b12d343232bbd62d8ecccc799820c92d1a4afb0bedf3d14c1390d2adae8eb

  • SHA512

    de9a362cad7055b5fadd631bcb797e03f4f89d3ab084d5bf493f3cfed2725b0a9d3db263297017bb96995396287d71ab4668ad12da4320f023ea8c93a43a530e

  • SSDEEP

    6144:Bcfi/uIOP9291ZFJhKrH9R+xl58+nvUEyfe5iaJ:FhOFQZ8SKfGiaJ

Malware Config

Extracted

Family

xtremerat

C2

turkishwarrior.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks