General

  • Target

    40cc348290cfa3ed0b762329b862e3d1_JaffaCakes118

  • Size

    499KB

  • Sample

    240713-jljsjascpm

  • MD5

    40cc348290cfa3ed0b762329b862e3d1

  • SHA1

    88da9b0f3591b1ea5d5843d4893f0a2f56bb6515

  • SHA256

    d9d05ccde0474ec0cbf0291ecf8b385a1b4395d852263ae09f2771f969bd328e

  • SHA512

    7f84e2cc0de9bc8bf95a9579f68b9a26fca412cc48029cfdfcfb56a2db27866813c52678dd9d3d2e2883904d2134fc8327fa3882bd88b5074bbc62d9cc4399cc

  • SSDEEP

    12288:OKtE03w6No91d134ZedpQpxHtmhnEbr8crxR38bh:O+JA6C9b13D2xNbv/xeb

Malware Config

Extracted

Family

xtremerat

C2

cauchemar.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks