General

  • Target

    b0631a4798438fdf2d5ad34de0222b92

  • Size

    236KB

  • Sample

    240303-zkhf3sgg73

  • MD5

    b0631a4798438fdf2d5ad34de0222b92

  • SHA1

    24d30e339a73372234790146df7c6aa4f7c75a4c

  • SHA256

    931502bc79b5bd2a5d05e196edf60411e779bdaa2df9c4c58d8a507ab69e8538

  • SHA512

    2fb0f371c4e3fd4109e1cf369ceb5388139af3fd364e5439477f5e9582b9bf1deaca932b7ede11c4ebf916e401525a985c622ad0a5817cd1d36b4ea0b3d36079

  • SSDEEP

    6144:K6ORml+g8HgQ5XGnbf4r81KLGWCYLHOa9TjeeU:3O48HTig8AxCYjOawR

Malware Config

Extracted

Family

xtremerat

C2

amrmora.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15