General

  • Target

    a6506a40d522a744be02abe57dd40864

  • Size

    661KB

  • Sample

    240226-pa6e2sde4x

  • MD5

    a6506a40d522a744be02abe57dd40864

  • SHA1

    35eb03893099f7f97fd08ecb0bf48f5d73f05c24

  • SHA256

    0b9ae5b5e11e103e80c80e90d2aa3105accf8babbc1525a39def89105bc4092d

  • SHA512

    373b97614840dd795dcd09ac7967a2d2b78379a53cdc96da71c6f489ec79b24eabc9b1ecdddbe5251d829da01959c9fc665d30cb5a0b757c50edbaa144fd64b4

  • SSDEEP

    6144:1XFjjxnIgK54IQzeeeL4/QPnIgK54IQzeeeL4/Q9711j:11j9IgKKM4YPIgKKM4Yl1t

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    oudy.no-ip.biz

Targets

    • Target

      a6506a40d522a744be02abe57dd40864

    • Detect XtremeRAT payload

    • Modifies WinLogon for persistence

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15