General

  • Target

    a58c3a86de87912a178dfa3dec802907

  • Size

    317KB

  • Sample

    240226-f5gwhaea26

  • MD5

    a58c3a86de87912a178dfa3dec802907

  • SHA1

    8bd22a3472f64cdf928da53ff34c5f7f76b61bc1

  • SHA256

    a7cb45ae13d3b223afe9770b3d703814bc71940b439e75bcb6aac41b82bf3830

  • SHA512

    5ec6f989aef055ed4fdbb64161b190f5bb928b5c7e8f2052531df0b4c8e812f5802949c2084a6349d97d6277b476f5211c32e3a7dc4b43d672bba023cba23c2a

  • SSDEEP

    6144:DcVoa+kiNm6LlJ+Mo4btDycigkwSQob+QwmTat9V7Zw:DOoPBNzuMFpycFw+Qwm49B

Malware Config

Extracted

Family

xtremerat

C2

wer99.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks