General

  • Target

    b3d6ef674232af2e47181bacc8a87c8f

  • Size

    88KB

  • Sample

    240305-fmey7aeh6t

  • MD5

    b3d6ef674232af2e47181bacc8a87c8f

  • SHA1

    9e3b5029734d0512913dea64b4d4009a1922fb12

  • SHA256

    8f5176b11518d6740417c443a422be9d5a14d1425d9b1f2ab3ac4e41490c3c4d

  • SHA512

    556ad2bfba2425bcc69429220dc19722a2521e09ca03c13d40c32ccca6cb6f401c659c42ab209ca76a7581a41ae3abc4955e56e8adade549b880fa61c14f40ae

  • SSDEEP

    1536:/gsq+QV4rObAdNoAf5UqiYmlArNwsloxwja:d44rOR1Atloxp

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    laptope.sytes.net

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks