General

  • Target

    b66efaafe2f9a283c9259b9606c02867

  • Size

    1.3MB

  • Sample

    240306-ecdspsbf44

  • MD5

    b66efaafe2f9a283c9259b9606c02867

  • SHA1

    5e8cdc54053a78cba005d3d3a0c7551343ed0178

  • SHA256

    9101b64374031a1b14a7dcf5c9c4afd8715e67da8704ffd74727349571713494

  • SHA512

    9862a979855a44389bebd8e455176bf69adf6acc00a62424390b4c240fbc3027c0a3fd8b2d04adfb3117ddb5d969ed5e8da453eebacdf7b9794023e10d96d281

  • SSDEEP

    24576:Wq6gwt+M9LXNI1JyQOH9ZDZsy0lh4IorVi9/YHV31RKctRD4kAf:W6wtfXKDyx9Z2yK6Vi9w131j7DK

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks