General

  • Target

    30cdbdd59960767bc78e08a0f59d7100N.exe

  • Size

    64KB

  • Sample

    240713-crjldsteng

  • MD5

    30cdbdd59960767bc78e08a0f59d7100

  • SHA1

    182db1c9e1473121d1fa4468f63dfba735786ba6

  • SHA256

    5063e120a317f4fc546b048ddd812da03c633227025faff4756afaa59b3f0cbc

  • SHA512

    025f30ad64baa30d1482ffd04bfd83abcb789dd5711c2af52b16c44e5a394eb6fc32b5ce617a26365e04a3def2d63cc6a1652c02bc94067090ce8aff5af80a20

  • SSDEEP

    768:rBr+tjFY90iY6W1jwmDzKgEFQXaklMIAn0tYCpP55u/5uizoh:FyRh31jxPEFQXak+05h5u/5uOoh

Malware Config

Extracted

Family

xtremerat

C2

kingofspeed.no-ip.org

Targets

    • Target

      30cdbdd59960767bc78e08a0f59d7100N.exe

    • Size

      64KB

    • MD5

      30cdbdd59960767bc78e08a0f59d7100

    • SHA1

      182db1c9e1473121d1fa4468f63dfba735786ba6

    • SHA256

      5063e120a317f4fc546b048ddd812da03c633227025faff4756afaa59b3f0cbc

    • SHA512

      025f30ad64baa30d1482ffd04bfd83abcb789dd5711c2af52b16c44e5a394eb6fc32b5ce617a26365e04a3def2d63cc6a1652c02bc94067090ce8aff5af80a20

    • SSDEEP

      768:rBr+tjFY90iY6W1jwmDzKgEFQXaklMIAn0tYCpP55u/5uizoh:FyRh31jxPEFQXak+05h5u/5uOoh

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Deletes itself

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks