General

  • Target

    c6a96acfc0d093a8c5090d50c57efebfecf18ccada224ffa8a21c357b118a900N.exe

  • Size

    420KB

  • Sample

    241205-sxahnszqdx

  • MD5

    eb559a01c1db2e84e7b2732b23efa2c0

  • SHA1

    b35ad4d355b407cecaf9fe147292a51fa1e18cb9

  • SHA256

    c6a96acfc0d093a8c5090d50c57efebfecf18ccada224ffa8a21c357b118a900

  • SHA512

    a9771a8d4778eb5e3b3f62fae89f0abcb270264bb59064b2d8855fcc5291983667f53a30d1edaf223208f7225aca50bead28ea04da27687c1966f4ccca6b7de0

  • SSDEEP

    6144:4+9hS3kbFRQqzfz7qeEzDSZbFm2A2g2McTrDLKmE:XMkHzfz77b62McTOmE

Malware Config

Extracted

Family

xtremerat

C2

sam-of.myq-see.com

Desktopsam-of.publicvm.com

Targets

    • Target

      c6a96acfc0d093a8c5090d50c57efebfecf18ccada224ffa8a21c357b118a900N.exe

    • Size

      420KB

    • MD5

      eb559a01c1db2e84e7b2732b23efa2c0

    • SHA1

      b35ad4d355b407cecaf9fe147292a51fa1e18cb9

    • SHA256

      c6a96acfc0d093a8c5090d50c57efebfecf18ccada224ffa8a21c357b118a900

    • SHA512

      a9771a8d4778eb5e3b3f62fae89f0abcb270264bb59064b2d8855fcc5291983667f53a30d1edaf223208f7225aca50bead28ea04da27687c1966f4ccca6b7de0

    • SSDEEP

      6144:4+9hS3kbFRQqzfz7qeEzDSZbFm2A2g2McTrDLKmE:XMkHzfz77b62McTOmE

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Xtremerat family

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks