General

  • Target

    584b41f0fee8949c6c84f24de0941797_JaffaCakes118

  • Size

    360KB

  • Sample

    240718-vklfhs1dmd

  • MD5

    584b41f0fee8949c6c84f24de0941797

  • SHA1

    48a9fd4e651a72c05eacb8f2db2991081d154c6c

  • SHA256

    a0745290d0606da8b5099cb4c17565481792538a75ccfbbf36021b720985615d

  • SHA512

    2fdaf0de3c86660fd7b4ed35fcb0b134170093c0b9f4cfc88e9611ddcb127be9cba80af13096bb93c8bb5c19646624440d9f6a2e5d0b8088310fad416a3cde48

  • SSDEEP

    6144:3qUA2Hcyjx0BPzpJhZw7gn5KGgPhsnVW5GJZ2tNYLj8MfsnfK5ysOzo:3AmKBPzpJhAgnAzSVzYKj86swg8

Malware Config

Extracted

Family

xtremerat

C2

cescmouad.zapto.org

Targets

    • Target

      584b41f0fee8949c6c84f24de0941797_JaffaCakes118

    • Size

      360KB

    • MD5

      584b41f0fee8949c6c84f24de0941797

    • SHA1

      48a9fd4e651a72c05eacb8f2db2991081d154c6c

    • SHA256

      a0745290d0606da8b5099cb4c17565481792538a75ccfbbf36021b720985615d

    • SHA512

      2fdaf0de3c86660fd7b4ed35fcb0b134170093c0b9f4cfc88e9611ddcb127be9cba80af13096bb93c8bb5c19646624440d9f6a2e5d0b8088310fad416a3cde48

    • SSDEEP

      6144:3qUA2Hcyjx0BPzpJhZw7gn5KGgPhsnVW5GJZ2tNYLj8MfsnfK5ysOzo:3AmKBPzpJhAgnAzSVzYKj86swg8

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks