General

  • Target: b7deb24a21435cf620d3f9dfebad7248f996c6f09944736ce03cc48573a44080
  • Size: 114KB
  • Sample: 240721-sdnk7awdmj
  • MD5: 2aeb5c6cdeac5e650ce0f259f89cd7a8
  • SHA1: ad8ce777bce79a13bff7cf0fc1618f9ab905a5c7
  • SHA256: b7deb24a21435cf620d3f9dfebad7248f996c6f09944736ce03cc48573a44080
  • SHA512: bb7312f86c99f46dcd8a6c6203dff484c0ec06ead5485658c46fb96af23ae129f8f4dfdb946d68f564203d05c1399b10e545ff0a1c706b311bec3eb1d5f7b1d5
  • SSDEEP: 3072:/sNcJffRuVrtn/WFF3RzMJQ5BWls2aIwAx/iUhKEG7Qr://fgl/2nzMQ/WlsMwANtusr

Malware Config

Targets

    • Target: XTremeRAT_silvia.exe_ FB6E419E0FD9C2F39BE43BCADBD2879F
    • Size: 228KB
    • MD5: fb6e419e0fd9c2f39be43bcadbd2879f
    • SHA1: a07209729e6f93e80fb116f18f746aad4b7400c5
    • SHA256: 25d4f6a5ba2e04660e761eb1c5c40fe91b7f2a59aa2bdb8f69bfd7ed78d62d38
    • SHA512: f3b4d2150f81dc3942f1d5120701f78107a3002dddfd0ab03f4edf5d2f829bc504cc35a01f978fa764b70f12f56eb8f81e9364c9baae5fa3e9944c90d52ed1bd
    • SSDEEP: 3072:Z4lRkAehGfzmuqTPryFq2TTNTJTCN5gTGhSkT5dgsUGOgkBFVYbsVTHuGETXvOTf:Z4lRkAehaKuqT+FJ85p8mlq0r0ds8

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks