General

  • Target

    a5539e2dd3a08d1dc47e5a56cb1242f7

  • Size

    44KB

  • Sample

    240226-d5dgzacc8s

  • MD5

    a5539e2dd3a08d1dc47e5a56cb1242f7

  • SHA1

    fda44ff5cda685cfa2bc53f6e5488180a610cdc6

  • SHA256

    43d1870dfe95618f83394e3c30429ee6d5724c6c344f14742dd6c01bbb7a2bb4

  • SHA512

    19ec7ba47418dd502ad876fc4665c3bcaf56ff3edbc8554bdcc3d651d73954f969630c109e5bb9950bca0172950c9119f20e7bdc07aab9b8aeeed1defaad1373

  • SSDEEP

    768:rJr+tjFqTPkAlfzth1lr6an3smTq8uvm2DfOTwYPIGzoOL:9yRUHlrr1lr6an3TZuvm2buQaoOL

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    kahba88.zapto.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks