Overview

overview

10

Static

static

3

e365dddfcc...18.exe

windows7-x64

10

e365dddfcc...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e365dddfcc17c39934118549a051ebc6_JaffaCakes118

  • Size

    324KB

  • Sample

    240406-126qnsdb38

  • MD5

    e365dddfcc17c39934118549a051ebc6

  • SHA1

    1633f6c61b226fbfff41ca0e7e0f19390f749a9b

  • SHA256

    cc1a3caa09005dbee6251c4f291c8f2dde1a4d9f7ee3d2f97937cab7fb705c4a

  • SHA512

    2302bf036c0affb8a6a9b3316b398aaf6c49a9ff8766d130609f92060f67bfcc7e427a5cbd8957e6eea3e68be09db778d3d55c0711bed12254e85deb84b6aae8

  • SSDEEP

    3072:Nfyr0uNHBy3CAsVZjiloZUQjDW6lp1oQCRXapFziJFE4SkqMZ8PtU3xTvvZ2Wtm:CJrtENSkqMZ8PtUhvvZ2Wtm

Score
10/10
xtremeratpersistenceratspyware

Malware Config

Extracted

Family

xtremerat

C2

almm.no-ip.biz

Targets

    • Target

      e365dddfcc17c39934118549a051ebc6_JaffaCakes118

    • Size

      324KB

    • MD5

      e365dddfcc17c39934118549a051ebc6

    • SHA1

      1633f6c61b226fbfff41ca0e7e0f19390f749a9b

    • SHA256

      cc1a3caa09005dbee6251c4f291c8f2dde1a4d9f7ee3d2f97937cab7fb705c4a

    • SHA512

      2302bf036c0affb8a6a9b3316b398aaf6c49a9ff8766d130609f92060f67bfcc7e427a5cbd8957e6eea3e68be09db778d3d55c0711bed12254e85deb84b6aae8

    • SSDEEP

      3072:Nfyr0uNHBy3CAsVZjiloZUQjDW6lp1oQCRXapFziJFE4SkqMZ8PtU3xTvvZ2Wtm:CJrtENSkqMZ8PtUhvvZ2Wtm

    Score
    10/10
    xtremeratpersistenceratspyware

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Modifies Installed Components in the registry

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks