General

  • Target

    b69a49c0d880684a452ea12139a384e4

  • Size

    704KB

  • Sample

    240306-fzrthsda75

  • MD5

    b69a49c0d880684a452ea12139a384e4

  • SHA1

    4855e94fdbaaaf3540c46f14cd31a5b6233b5a23

  • SHA256

    c5c037b725f0faa03c79db6a5ce03be8a090c73c904c212af068e528c0b0e47d

  • SHA512

    756d1ecd299f1506b60e1f9e8e6e4bb583e0629cdda77e2c99c142c0cf5250b1aed025bd287326a15b11e9864c4fd16e21aa5f635842d4fa0fcd1dfb84c52d61

  • SSDEEP

    6144:yVCxQorM6j3wnE0zWkspyFev/sdqePfHR:iCxQoXjnzkspmx

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    123boof.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks