General

  • Target

    3e4a1346342094871c6cdc61673d739d_JaffaCakes118

  • Size

    24KB

  • Sample

    240712-wc1qxatelq

  • MD5

    3e4a1346342094871c6cdc61673d739d

  • SHA1

    0765788601578ce4941417464c518696dcc04eb1

  • SHA256

    8f914f2f45cb93e379a99220bde03e6817245ddcdcfcc2e7dc2b4be33936f481

  • SHA512

    4f1e42ea1b20ea7046dc6761bf0f6733ef024070038f5bcdbf96c9aef147afd9495367ba0856ce8f45958aa5fbde2aa20bed387706ec24ddf219ef4533fe7722

  • SSDEEP

    384:MIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNyELPNv/WQ24bOz/HAdQPKDk:MIsF81fG9QveLOYTe5YirLF/W94ObyC7

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    pxsd-pxsd.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks