General

  • Target

    afb2547a6a546a00e640e6ad45594247

  • Size

    351KB

  • Sample

    240229-211cyafd88

  • MD5

    afb2547a6a546a00e640e6ad45594247

  • SHA1

    fa5bde5996e5108a45d3d5a22d9c17acdad08264

  • SHA256

    799bc643cfd5b436e6226d5c42e3bef2cae2a4dcd5839924acfcd10fd403036b

  • SHA512

    8abfbb256d8b78bdb4e2046996c8a589062e416cd32935642bde463acbe341e0582ded3dffb9fe736875ea62bcb1f42e1996156e1af7cbea36d2bebf8047115c

  • SSDEEP

    3072:PrMUbMvKPFqJHOULc5kAVerPSfa+S1b7ziXFFJyiyO9BeBg5LfhVGjkVBw/TMGZT:j8a/S1OzJ7DDfhVGGIzxpXkIdZr

Malware Config

Targets

    • Target

      afb2547a6a546a00e640e6ad45594247

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks