General

  • Target: b2151cc499871da9898bf11b82d9b128

  • Size: 384KB

  • Sample: 240304-n98tsaah79

  • MD5: b2151cc499871da9898bf11b82d9b128

  • SHA1: 60a74fdbfd6e96885babb944531330dd066c1f91

  • SHA256: fc80bf24edc58e548eed7eb045cdfb7b3940c373ae7a292a816e57d6ea42b123

  • SHA512: 106fb090c03178a3a5d6c039930a1d8e291ff0bf3591d242ef4b40359b116ab9b278f2c1c5ad205487de7d04ae269b6a88a564bd650f60a88c4b6148c7b13e96

  • SSDEEP: 6144:mDuXGpcRRu3E5rPzWS2jXkX+xiW6y5lr5/0KrwHqG2DFTUbKQX9DRnmwfFHxIg6u:mF45rPzWXj9j1eKS6FT2FX9tmAhp6+0e

Malware Config

Extracted

Family

xtremerat

C2

haitham.no-ip.info

Targets

    • Target: b2151cc499871da9898bf11b82d9b128

    • Size: 384KB

    • MD5: b2151cc499871da9898bf11b82d9b128

    • SHA1: 60a74fdbfd6e96885babb944531330dd066c1f91

    • SHA256: fc80bf24edc58e548eed7eb045cdfb7b3940c373ae7a292a816e57d6ea42b123

    • SHA512: 106fb090c03178a3a5d6c039930a1d8e291ff0bf3591d242ef4b40359b116ab9b278f2c1c5ad205487de7d04ae269b6a88a564bd650f60a88c4b6148c7b13e96

    • SSDEEP: 6144:mDuXGpcRRu3E5rPzWS2jXkX+xiW6y5lr5/0KrwHqG2DFTUbKQX9DRnmwfFHxIg6u:mF45rPzWXj9j1eKS6FT2FX9tmAhp6+0e

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks