General

  • Target

    4f5e89e28fc5bca7851aa5c72b86be67_JaffaCakes118

  • Size

    21KB

  • Sample

    240716-v7l1kawdmh

  • MD5

    4f5e89e28fc5bca7851aa5c72b86be67

  • SHA1

    4aff3048d15ac77e9217509eb42726668cb41491

  • SHA256

    c3155e01f959d88725abe33533eda8e5c560b18c8a4ed3f49b5ac4aee67d80b7

  • SHA512

    eafb4a29629092b7582c4621164b61f7420ba98369f2eef31b5fabdaaee7362675769e451872ee4ee9a15d1a01d3e4006697f5ea2708be0618956c8ccd8b5eae

  • SSDEEP

    384:rHIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlNhpQ4CQFeQbsYpLR:DIsF81fG9QveLOYTe5YilpQl69

Malware Config

Extracted

Family

xtremerat

C2

mr2010.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks