General

  • Target

    5982b55d30166329d2d4105b49d658e0_JaffaCakes118

  • Size

    184KB

  • Sample

    240718-3czbeavcpa

  • MD5

    5982b55d30166329d2d4105b49d658e0

  • SHA1

    32e25ff7dc6885cce1ae8c1d722dc3cb2d4cb7af

  • SHA256

    556acd1eb7c7b2d088753fd493567070fefa5fb82873a94a872c16bd4ff06bac

  • SHA512

    b55889795ca599ecef0774bf9ddde95817ef8994191043788ad954a467761746aef6aea94505011729510e2853e00ec05799ca3a91e2ac8a2f292c19a639cb89

  • SSDEEP

    3072:WUefp08PSp//mqrlyQouF96HM0XUGXU2Fo21364EoiJeeI+StSqYLj8MfseRkAE7:WJfy8KhFpnVW5GJZ2tNYLj8MfsKsX43c

Malware Config

Extracted

Family

xtremerat

C2

123boof.no-ip.org (a dynamic DNS hostname, so the resolved IP can change; block and hunt on the domain rather than a pinned address)

Targets

    • Target

      5982b55d30166329d2d4105b49d658e0_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Writes to the Master Boot Record (MBR)

Bootkits write to the MBR (the first 512-byte sector of the boot disk) to gain persistence at a level below the operating system; on Windows this usually appears as a process opening a raw device such as \\.\PhysicalDrive0 with write access and writing at offset 0.
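The following is an added example of how the "Writes to the Master Boot Record" behaviour above can be checked from an API-call trace; it is not part of this report or of the sandbox's own signature code. The trace format ("pid|api|key=value;..."), the handle values and the three processes are constructed for the example; the API names (CreateFileW, SetFilePointerEx, WriteFile) and the \\.\PhysicalDriveN device path are the real Win32 ones.

```python
"""Flag processes that write into the MBR sector of a raw physical drive.

Added example, not sandbox code. Input is a constructed API-call trace in a
hypothetical "pid|api|key=value;key=value" format (an assumption for the
example). A hit is: a handle obtained from CreateFileW on \\.\PhysicalDriveN
with GENERIC_WRITE access, followed by a WriteFile whose range overlaps the
first 512 bytes of the device.
"""
import re

MBR_SIZE = 512  # sector 0 holds the MBR: boot code + partition table

# Matches the raw device path \\.\PhysicalDrive<n> (case-insensitive).
RAW_DRIVE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.IGNORECASE)

# Constructed sample trace: pid 1234 overwrites sector 0 (malicious-looking),
# pid 5678 only reads the drive, pid 9012 writes 1 MiB in (not the MBR).
SAMPLE_TRACE = """\
1234|CreateFileW|FileName=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe;DesiredAccess=GENERIC_WRITE;Handle=0x19c
1234|CreateFileW|FileName=\\\\.\\PhysicalDrive0;DesiredAccess=GENERIC_READ|GENERIC_WRITE;Handle=0x1a4
1234|SetFilePointerEx|Handle=0x1a4;Offset=0;MoveMethod=FILE_BEGIN
1234|WriteFile|Handle=0x1a4;Length=512
5678|CreateFileW|FileName=\\\\.\\PhysicalDrive0;DesiredAccess=GENERIC_READ;Handle=0x1b0
5678|ReadFile|Handle=0x1b0;Length=512
9012|CreateFileW|FileName=\\\\.\\PhysicalDrive0;DesiredAccess=GENERIC_READ|GENERIC_WRITE;Handle=0x1c8
9012|SetFilePointerEx|Handle=0x1c8;Offset=1048576;MoveMethod=FILE_BEGIN
9012|WriteFile|Handle=0x1c8;Length=512
"""


def parse_line(line):
    """Split 'pid|api|k=v;k=v' into (pid, api, {k: v})."""
    pid, api, args = line.split("|", 2)
    kv = dict(item.split("=", 1) for item in args.split(";") if item)
    return int(pid), api, kv


def find_mbr_writers(trace):
    """Return a list of {pid, device, offset, length} for MBR-overlapping writes."""
    write_handles = {}  # (pid, handle) -> device path opened with write access
    position = {}       # (pid, handle) -> current file pointer in bytes
    hits = []
    for raw in trace.splitlines():
        if not raw.strip():
            continue
        pid, api, kv = parse_line(raw)
        key = (pid, kv.get("Handle"))
        if api == "CreateFileW":
            name = kv.get("FileName", "")
            if RAW_DRIVE.match(name) and "GENERIC_WRITE" in kv.get("DesiredAccess", ""):
                write_handles[key] = name
                position[key] = 0  # new handles start at offset 0
        elif api == "SetFilePointerEx" and key in write_handles:
            offset = int(kv.get("Offset", "0"))
            if kv.get("MoveMethod") == "FILE_CURRENT":
                position[key] += offset
            else:  # FILE_BEGIN (FILE_END is not modelled in this example)
                position[key] = offset
        elif api == "WriteFile" and key in write_handles:
            start = position[key]
            length = int(kv.get("Length", "0"))
            if length > 0 and start < MBR_SIZE:  # range overlaps sector 0
                hits.append({"pid": pid, "device": write_handles[key],
                             "offset": start, "length": length})
            position[key] = start + length  # WriteFile advances the pointer
    return hits


if __name__ == "__main__":
    for hit in find_mbr_writers(SAMPLE_TRACE):
        print("MBR write: pid=%(pid)d device=%(device)s offset=%(offset)d len=%(length)d" % hit)
```

Disk-imaging tools and bootloader installers also write sector 0, so a hit is a triage lead rather than a verdict; the process path in the same trace (here a copy of svchost.exe under the user's Roaming directory) is what turns it into a finding.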

MITRE ATT&CK Enterprise v15

Tasks