General

  • Target

    3e8755361dc8e3ba4f8a65d2a8c8fed8_JaffaCakes118

  • Size

    21KB

  • Sample

    240712-xs5kgaweqq

  • MD5

    3e8755361dc8e3ba4f8a65d2a8c8fed8

  • SHA1

    f4acae28ba7a3b37d54377024e6000e23511809e

  • SHA256

    36e233e96baba7e598575353034f4b0a6fe4d6db25ba977e0abc5f9d6e0fca46

  • SHA512

    daada2ce2a621c1e021e4168eca5e09575db1c4ab089c71ff110b7766dccddeb903ea864f4dd085ca91960b4dd5628698921a8ff174136d4fba9d8ea66c637e7

  • SSDEEP

    384:3IdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlbpQ4jbNfymz6UyziQqepLR:3IsF81fG9QveLOYTe5YippQgNfy5UzQz

Malware Config

Extracted

Family

xtremerat

C2

microlux7.zapto.org

Targets

    • Target

      3e8755361dc8e3ba4f8a65d2a8c8fed8_JaffaCakes118

    • Size

      21KB

    • MD5

      3e8755361dc8e3ba4f8a65d2a8c8fed8

    • SHA1

      f4acae28ba7a3b37d54377024e6000e23511809e

    • SHA256

      36e233e96baba7e598575353034f4b0a6fe4d6db25ba977e0abc5f9d6e0fca46

    • SHA512

      daada2ce2a621c1e021e4168eca5e09575db1c4ab089c71ff110b7766dccddeb903ea864f4dd085ca91960b4dd5628698921a8ff174136d4fba9d8ea66c637e7

    • SSDEEP

      384:3IdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlbpQ4jbNfymz6UyziQqepLR:3IsF81fG9QveLOYTe5YippQgNfy5UzQz

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks