General

  • Target

    34966b15f464c322c1156e6efd6b9d66_JaffaCakes118

  • Size

    165KB

  • Sample

    240710-nx8y1sxhmh

  • MD5

    34966b15f464c322c1156e6efd6b9d66

  • SHA1

    13dc4f708ed488abd3e896d4ec46bc1adea4b7c2

  • SHA256

    9fc2d0c7f305beb456e052e3917e9eafb80f241161c5d4d8c3a3ae0d0fd236b0

  • SHA512

    38ec58bc801d3b6b55a23146d0ac60e59e507f8f85e0b228ca5812455df8eebfee0034d8929a473528f2d38c01d3b2aabbec02cc280990f4882bf87139dc2072

  • SSDEEP

    3072:DyRUZ7vAsnPKlXlSnr7V/rj+VLOG/+HoSIW2YygMy/Yjx:GqZ7oVXlSnpj+VLOG/0IW2WAN

Malware Config

Extracted

Family

xtremerat

C2

ˆx4u.no-ip.info

x4u.no-ip.info

xhell.no-ip.org

Targets

    • Target

      34966b15f464c322c1156e6efd6b9d66_JaffaCakes118

    • Size

      165KB

    • MD5

      34966b15f464c322c1156e6efd6b9d66

    • SHA1

      13dc4f708ed488abd3e896d4ec46bc1adea4b7c2

    • SHA256

      9fc2d0c7f305beb456e052e3917e9eafb80f241161c5d4d8c3a3ae0d0fd236b0

    • SHA512

      38ec58bc801d3b6b55a23146d0ac60e59e507f8f85e0b228ca5812455df8eebfee0034d8929a473528f2d38c01d3b2aabbec02cc280990f4882bf87139dc2072

    • SSDEEP

      3072:DyRUZ7vAsnPKlXlSnr7V/rj+VLOG/+HoSIW2YygMy/Yjx:GqZ7oVXlSnpj+VLOG/0IW2WAN

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks