General

  • Target

    4c24336780f386be455a048edb0ace3a989288274ebb564ef2970db44498982fN.exe

  • Size

    125KB

  • Sample

    241217-3c151asld1

  • MD5

    f6b3f4d4c878f05f873fd8ef54df4cf0

  • SHA1

    79eb685414b1323f9e9f49f336117e2d4271b13f

  • SHA256

    4c24336780f386be455a048edb0ace3a989288274ebb564ef2970db44498982f

  • SHA512

    dd1e2035ae2d36907dfbc1799006df75f534e40f35c20fd5c27eb2ef46d143676558a770916a2f595d8f7fa3e308f4ce6605e04b098a408a37f0a5ae8302cf60

  • SSDEEP

    3072:d0PpDmmBFH6d23ggFLnfDtcwZp6tZ1krgQte0pXN:EFaFghpcwZp6Bk0Q13

Malware Config

Extracted

Family

xtremerat

C2

alnmroood.zapto.org
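The extracted C2 hostname is the one network indicator this report yields. As an added example (not part of the sandbox output), the following Python matches it against DNS query logs. The tab-separated log format, the sample lines and the "ddns_sibling" verdict are constructed for illustration; zapto.org is a dynamic-DNS zone, so other hosts under it are worth a lower-severity look rather than an automatic block.

```python
"""Match the C2 indicator from the extracted config against DNS query logs.

Added example, not part of the sandbox report. It assumes a simple
tab-separated log format (timestamp, client IP, query name, query type),
constructed below; adapt the field split to your resolver's format.
"""
from __future__ import annotations

C2_DOMAIN = "alnmroood.zapto.org"  # from the report's extracted config

# Parent zone of the C2 host (assumed registrable-domain split on the last
# two labels). zapto.org is a dynamic-DNS zone, so sibling hostnames under
# it get a separate, lower-severity verdict instead of being ignored.
DDNS_ZONE = ".".join(C2_DOMAIN.split(".")[-2:])

# Constructed sample log lines: timestamp, client, qname, qtype.
SAMPLE_DNS_LOG = """\
2024-12-17T03:11:02Z\t10.0.0.15\twww.example.com\tA
2024-12-17T03:11:09Z\t10.0.0.23\tALNMROOOD.ZAPTO.ORG.\tA
2024-12-17T03:12:41Z\t10.0.0.23\tother-host.zapto.org\tA
2024-12-17T03:13:00Z\t10.0.0.40\tnotzapto.org\tA
"""


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot so FQDN and relative forms compare equal."""
    return qname.strip().lower().rstrip(".")


def classify(qname: str) -> str | None:
    """Return 'c2_exact', 'ddns_sibling' or None for one query name."""
    name = normalize(qname)
    if name == C2_DOMAIN:
        return "c2_exact"
    # Label-boundary check: 'notzapto.org' must not match 'zapto.org'.
    if name == DDNS_ZONE or name.endswith("." + DDNS_ZONE):
        return "ddns_sibling"
    return None


def scan_dns_log(text: str) -> list[dict]:
    """Walk the log and collect every line whose query name matches."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) < 3:
            continue  # malformed line; skip rather than crash the sweep
        ts, client, qname = fields[0], fields[1], fields[2]
        verdict = classify(qname)
        if verdict:
            hits.append({"line": lineno, "ts": ts, "client": client,
                         "qname": normalize(qname), "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(hit)
```

The case fold and trailing-dot strip matter in practice: resolver logs often record the query as sent (mixed case, absolute form), and an exact string compare against the indicator would miss it.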

Targets

    • Target

      4c24336780f386be455a048edb0ace3a989288274ebb564ef2970db44498982fN.exe

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
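The "UPX packed file" signature above is a static check, and the following Python shows the logic behind it. This is an added example, not the sandbox's own rule. It walks the PE section table for the UPX0/UPX1/UPX2 section names and also looks for the "UPX!" pack-header magic, since modified UPX builds commonly rename the sections while leaving the magic in place. The minimal PE skeleton built by build_min_pe is constructed test input, not the sample from this report.

```python
"""Static UPX check: the logic behind a 'UPX packed file' signature.

Added example, not the sandbox's rule. Two artefacts of stock UPX are
checked: section names starting with 'UPX' and the b'UPX!' pack-header
magic. A minimal PE header is constructed here as test input.
"""
import struct

UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> list[str]:
    """Return the names in the PE section table, or [] if data is not a well-formed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # COFF file header (20 bytes) follows the 4-byte 'PE\0\0' signature:
    # NumberOfSections at +6, SizeOfOptionalHeader at +20.
    num_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            break  # truncated section table; report what was readable
        raw = data[off:off + 8]
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect both UPX artefacts so an analyst can see which one fired."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": UPX_MAGIC in data,
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_min_pe(section_names: list[bytes], trailer: bytes = b"") -> bytes:
    """Construct a minimal, non-runnable PE skeleton with the given section names (test input)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0  # no optional header is needed to walk the section table
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.ljust(8, b"\0")[:8] + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections + trailer


if __name__ == "__main__":
    sample = build_min_pe([b"UPX0", b"UPX1", b".rsrc"], b"\0" * 16 + UPX_MAGIC)
    print(upx_indicators(sample), is_upx_packed(sample))
```

Treat a hit as an indicator, not a verdict: a file can carry the string "UPX!" for other reasons, and a packer that strips both artefacts will pass. For a real sample, running upx -d on a copy and seeing whether it unpacks is the quick confirmation.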

MITRE ATT&CK Enterprise v15

Tasks