General

  • Target

    b20874aaeea56f89b9df659829d75ca9

  • Size

    168KB

  • Sample

    240304-ntn5faad92

  • MD5

    b20874aaeea56f89b9df659829d75ca9

  • SHA1

    8ebd7f887ebc00087b61156e3adb5fabea8850fa

  • SHA256

    b927b4cb3dbe1d16df1342c4b3b966f2d133d3a2338eac8f66b49f6d882804b7

  • SHA512

    e0365ed612082b2659021a97c0f3e8dc76d90b8cabb6bba57a3229fa4cc0f0ff5f53a485343d0924288d95fdb89aeac09f079e747ed6fb542de8129b69f1798d

  • SSDEEP

    3072:pGCgP2gwtrP4dlpgc0qZ/RsZDGGewgnl0XbJmjeyZDGGewgNYamae0o:RMuZi/l9jZiOn

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks