General

  • Target

    b533b101db6fb2b5287f60f55aa15986

  • Size

    436KB

  • Sample

    240305-vjdpaabg3z

  • MD5

    b533b101db6fb2b5287f60f55aa15986

  • SHA1

    8fd603e55fd58163051c9a624bcc9c9060de84b0

  • SHA256

    2730eb30a809152b323077c2c522fb63b6f9a55c245b9031d4c6f85dece6c41b

  • SHA512

    4f344366aa706659daf7027b385e27960206e884a62c27f702e4a3e9270388bc8768c42195f1e8c31bebdd37f8f1748a770f3d00a72c90604dbb5dcd14811218

  • SSDEEP

    12288:7jkArEN249AyE/rbaMct4bO2/VqraBAyayg:wFE//Tct4bOssraBAyayg

Malware Config

Extracted

Family

xtremerat

C2

123vivalgerie.no-ip.biz

ƶallgeriaa.zapto.org

getdesktoppreviewinfo|130mahdidi.zapto.org

ƶ123vivalgerie.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks