General

  • Target

    b1d57d7efe9c54607c4e2c99563eb114

  • Size

    54KB

  • Sample

    240304-lypwesge43

  • MD5

    b1d57d7efe9c54607c4e2c99563eb114

  • SHA1

    737a830162ec053d1600b7d6e9bd88de9dbe35d2

  • SHA256

    ae624a71026226ecf9ad150f76f3a79b9fc7974b1d7f875bd36e62b478611982

  • SHA512

    3af85a6f8198a6c24e1144978491ab6d8c98a983d69e728f6997403d93b1a77975b8a466ac8c3550cb9508d44054646bc6903acafbc37ba37ac8ade6faf34261

  • SSDEEP

    768:+fahvI1PA7fdtH85vNsTpNypcGKyIV5zzeZN6XESzbdrZ9LPnrS0UpamTCU3r5eW:Wp4OOpNymyuz0NOrBvrNUdj3rQZgBb2I

Malware Config

Extracted

Family

xtremerat

C2

511s.no-ip.biz

top511.no-ip.biz

Criar arquivo de configur2020.dyndns.biz

1010.dyndns.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks