General

  • Target

    b70560b217593bd69feed94c883f38a6

  • Size

    484KB

  • Sample

    240306-ktzpdsgf85

  • MD5

    b70560b217593bd69feed94c883f38a6

  • SHA1

    8463415d59086cad9fa5aa417e603925e4f6d34d

  • SHA256

    754567bd064a3e9ea7bf37f54db6b0897535d90cf35a931ca31d4b1e85566f8f

  • SHA512

    487895cdfa7aa7a1440c56d3fba6b92478a5527cbaff4a52c790ed39b033d5a0583d75d4d7490ccc00fef897e5975eedc1240051cd269d9770f337a9b5e0f7e4

  • SSDEEP

    12288:wm0M7wWo5ilMmj8te+WwGUXeMW2+pd167QhE9o1ke:wm0F7ElMmj8tcnGe56EhSoee

Malware Config

Extracted

Family

xtremerat

C2

rabah1627.zapto.org

Targets


    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks