General

  • Target

    5020a82e8da32283caf7302ebaf1d725_JaffaCakes118

  • Size

    36KB

  • Sample

    240716-1exjgs1cpj

  • MD5

    5020a82e8da32283caf7302ebaf1d725

  • SHA1

    3f41bc98bd24cccb347b3c28a82c3b9065a84ef5

  • SHA256

    233e054a297bb94781c74086964d3648554d6dfb8201c8ec2e2108b210aae00c

  • SHA512

    040acb3eef3b2ee8271f5747e829dc63c35166e8ab901f49549004dfdf19596faf711ce653c7342a9bc2f3b85c82e3e45276d28c14a40a9b8b0891d56118d8cf

  • SSDEEP

    768:UggD7oyAX2hwdDJR+5WQt28Dvz9zXeOfhb+gJMXjbWEZRL02JGfJxQLoI:UvD74dVR+UQsaZOGhb7JMHN02Jl

Malware Config

Extracted

Family

xtremerat

C2

mom.no-ip.biz

Targets

    • Target

      5020a82e8da32283caf7302ebaf1d725_JaffaCakes118

    • Size

      36KB

    • MD5

      5020a82e8da32283caf7302ebaf1d725

    • SHA1

      3f41bc98bd24cccb347b3c28a82c3b9065a84ef5

    • SHA256

      233e054a297bb94781c74086964d3648554d6dfb8201c8ec2e2108b210aae00c

    • SHA512

      040acb3eef3b2ee8271f5747e829dc63c35166e8ab901f49549004dfdf19596faf711ce653c7342a9bc2f3b85c82e3e45276d28c14a40a9b8b0891d56118d8cf

    • SSDEEP

      768:UggD7oyAX2hwdDJR+5WQt28Dvz9zXeOfhb+gJMXjbWEZRL02JGfJxQLoI:UvD74dVR+UQsaZOGhb7JMHN02Jl

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks