General

  • Target

    593281dfc205c2a152cbc73945d9281f_JaffaCakes118

  • Size

    180KB

  • Sample

    240718-1mkjwsxgpp

  • MD5

    593281dfc205c2a152cbc73945d9281f

  • SHA1

    e84fe725a6e0b7a1ec1c914d4a2124fe9808bde9

  • SHA256

    e0e0ea329f92842c2f7a5223ce5e3d5f195af397c126ecac31757ee0ddc53afb

  • SHA512

    066924e3e874e444d6d6396a22f8162559133e1aa072e42fcb5fa55a2bbb1fa67ae5a329432dcdbe105ebe1b15988f4948a01685e575c6aead5886583f665c52

  • SSDEEP

    3072:DeNcKreCvWbyhreTCF96HM0XUGXU2Fo21364EoiJeeI+StSqYLj8MfseRMGBR3Ra:DeuKSCRhC+pnVW5GJZ2tNYLj8Mfs9GB8

Malware Config

Extracted

Family

xtremerat

C2

mnfd.dyndns.info

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks