General

  • Target

    401057a32d2cd428dad58add4f1742df_JaffaCakes118

  • Size

    45KB

  • Sample

    240713-eap3ysthqj

  • MD5

    401057a32d2cd428dad58add4f1742df

  • SHA1

    05931bbcb53b0580dd82f7dba254a528de51e765

  • SHA256

    131a6f5e7befec2727ee0be47aea4222c1ec9464b75d2794bc2240ac289e2450

  • SHA512

    01e67472694ce99da860e14bbd405bbfd028b13703c792b8bc51e985717f32a7158f40a2df1d8fa50519b115d5558a7e7f495377b4be18701335511f697e2639

  • SSDEEP

    768:9Br+tjFY90iY6W1jwmDzKgEFQXaklMIAnH8hwfOgw0cIzoQYE:jyRh31jxPEFQXak+H84bJoQYE

Malware Config

  • Extracted

    Family: xtremerat

    C2: fatah.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks