General

  • Target

    52befaaee1ab0236392c06e318249396_JaffaCakes118

  • Size

    43KB

  • Sample

    240717-nc13ns1ekf

  • MD5

    52befaaee1ab0236392c06e318249396

  • SHA1

    f04d3c724006b73ac6b8d893cc933b20a922025d

  • SHA256

    33093d2d855d53948c6626d0496dccd0a707679a8d5a803ddff7c6433711792f

  • SHA512

    9e888f0474886487d8a8de0e4fb5bcb16b0ee4cd995c67b19ed10c34ce42f5ba2e9bfdb2f2078619afee64dec2f68abf9f852f760f5a0ecd2ba75aea17c29625

  • SSDEEP

    768:YMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66legLSqTi8BH1b5vwdej:xNW71rcYDAWeotvXlegm38JV5vwdej

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    gaetano1997.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks