General

  • Target

    a7522dc42b76f61883564549343933a5

  • Size

    226KB

  • Sample

    240226-zmfp9sgc7v

  • MD5

    a7522dc42b76f61883564549343933a5

  • SHA1

    e88bfb65b7a1436670834958e2e034368ba1e499

  • SHA256

    7fce756c9892c833c77140ca318cfdc5e53aac47f22e32e17a7355ac8b3c7a41

  • SHA512

    1f42bbd6d59b6540fa0096aa83393264c8ee7c4492a971e06eb29166a6aa7397e35920f7ec55ea3f7a7f283637811922ddaf74d970858e111799e6df58ecde6b

  • SSDEEP

    6144:UOy2YCh2Lsj520BIQzTpJw7GQwdKX5w+OGhLeUGC9UEBGMw:UOy2YUusU2JzTk7N/XWzGd5t

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    mayorss.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context after writing into a suspended process is the hallmark of process hollowing, the injection technique XtremeRAT uses to run its payload inside a legitimate-looking process.
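As an added example (not part of this report and not the sandbox's own signature code), the following Python re-checks two of the verdicts above on local data: the UPX verdict by parsing the PE section table for UPX-style section names, and the SetThreadContext verdict by scanning an API trace for the hollowing call sequence. The PE header and the trace lines are constructed for the demo, and the section-name list, the trace line format and the CREATE_SUSPENDED requirement are assumptions, not the sandbox's actual rules.

```python
"""Added example (not part of the sandbox report): re-check two of the
signatures on local data. A UPX section-name check over a PE section table,
and a process-hollowing call-sequence check over an API trace. All input
below is constructed for the demo; none of it is the analysed sample."""
import re
import struct

# --- Static check: UPX-style section names in the PE section table ---------
# Assumed name list; stock UPX emits UPX0/UPX1 (UPX2 for some builds).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image; raise ValueError if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header after the signature: Machine(2) NumberOfSections(2)
    # TimeDateStamp(4) PointerToSymbolTable(4) NumberOfSymbols(4)
    # SizeOfOptionalHeader(2) Characteristics(2)
    num_sections, opt_size = struct.unpack_from("<H12xH", data, e_lfanew + 6)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]  # 40-byte entries, 8-byte name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """True when any section carries a UPX-style name (the signature's heuristic).
    A UPX build with renamed sections evades this; pair it with an entropy check."""
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE32 header with the given section names and no code."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


# --- Behavioural check: hollowing sequence around SetThreadContext ----------
# Create the target suspended -> write the payload into it -> redirect its
# main thread -> resume it. Step order is the assumption encoded here.
HOLLOW_STEPS = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Assumed trace format: "<pid> <Api>(<args>)", one call per line.
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")


def detect_hollowing(trace_lines) -> list:
    """Return the PIDs whose trace contains HOLLOW_STEPS in order, where the
    CreateProcess call carried CREATE_SUSPENDED. Unrelated calls in between
    (e.g. NtUnmapViewOfSection) are ignored."""
    progress = {}  # pid -> index of the next expected step
    hits = []
    for line in trace_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, api, args = m.group("pid"), m.group("api"), m.group("args")
        if api != HOLLOW_STEPS[progress.get(pid, 0)]:
            continue
        if api == "CreateProcess" and "CREATE_SUSPENDED" not in args:
            continue
        progress[pid] = progress.get(pid, 0) + 1
        if progress[pid] == len(HOLLOW_STEPS):
            hits.append(pid)
            progress[pid] = 0
    return hits


# Constructed trace: PID 1234 hollows svchost.exe, PID 5678 only patches
# a process it started normally (no CREATE_SUSPENDED), so it must not match.
SAMPLE_TRACE = [
    '1234 CreateProcess("C:\\Windows\\System32\\svchost.exe", CREATE_SUSPENDED)',
    '1234 NtUnmapViewOfSection(0x400000)',
    '1234 WriteProcessMemory(0x400000, 0x2a000)',
    '1234 SetThreadContext(Eip=0x401000)',
    '1234 ResumeThread()',
    '5678 CreateProcess("C:\\Windows\\notepad.exe", 0)',
    '5678 WriteProcessMemory(0x7ff0000, 0x100)',
    '5678 SetThreadContext(Eip=0x7ff0100)',
    '5678 ResumeThread()',
]

if __name__ == "__main__":
    print("UPX sections:", is_upx_packed(build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])))
    print("hollowing PIDs:", detect_hollowing(SAMPLE_TRACE))
```

Both checks are deliberately narrow: the section-name test is what the signature wording implies and is trivially evaded by renaming sections, and the call-sequence test only fires when the target was created suspended, which keeps ordinary debugger and installer activity out of the hit list.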

MITRE ATT&CK Enterprise v15

Tasks