General

  • Target

    358f37306aac6da4a03ec97ec556bb74_JaffaCakes118

  • Size

    47KB

  • Sample

    240710-vavlfa1dnh

  • MD5

    358f37306aac6da4a03ec97ec556bb74

  • SHA1

    a2481081baf87f1ff76c581dea57e00e1d97a7fb

  • SHA256

    e0ff021ad711c12637aad7d921f3bb9151f324d8b1658cc79a7e6771c85c18be

  • SHA512

    de99ad6334eaa207ffcca0ac4f540f24940b18aad317a07851a3b42580d12477edc8c3c6bc0fc48b536bf327d998fdd6ae0100e10be0ba445f6bcacc0a11a029

  • SSDEEP

    768:kLdIlo/q41gSI2T+zqZ1b1niEPg0ctLRqiWgPNk/lJipYj4cEydXPbiLhX69:odH/q4+SK415RgdLBWcm/ri2kSfGL5M

Malware Config

Extracted

Family

xtremerat

C2

mohamedmmk.zapto.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks