General

  • Target

    3ee16182d25c18ef09567a3d59277b61_JaffaCakes118

  • Size

    75KB

  • Sample

    240712-zxqm8asela

  • MD5

    3ee16182d25c18ef09567a3d59277b61

  • SHA1

    050874bab9a33b43b02920ae15edcd2445f5623c

  • SHA256

    55e9a72c406166e8b66cf69584621e329a09ed098ffecc747d19aa3c15e2d30d

  • SHA512

    5f6db70cd2ea5aeb07b8b1375466d31e2d2d8fd0ce3b5fa7ac8502ba80254532a59833ce02d35c3782103470f043bf76cf654a59da9250712942494bcce35b90

  • SSDEEP

    1536:81KMQddgUm6yzJu8HsIkTmkqNXDWmFJ9ZhIlHhLdBvgxWs:tvdjszxHsIk5q5FJ9nIBLdB4xWs

Malware Config

Extracted

Family

xtremerat

C2

alsfa7.no-ip.biz

Targets

    • Target

      3ee16182d25c18ef09567a3d59277b61_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks