General

  • Target

    60385c92c7ff0da85b1d9bb132f4f762_JaffaCakes118

  • Size

    380KB

  • Sample

    240720-2c2wvszdmr

  • MD5

    60385c92c7ff0da85b1d9bb132f4f762

  • SHA1

    9e7c93e199ae10e26efa825b13decbec44739475

  • SHA256

    8ca0952d352e03182a75d0f4b26228f3baa11482f52d13a16981533be4b4ea5b

  • SHA512

    178adaab7088424bf9c4dc5e10b150e495a3aa9fb48fe09be7f55ed58e9f4da02c85eb5e2ae1efc648d2e8a9a28b44d2992d19e4630bf6d2342023ae19f8bb80

  • SSDEEP

    3072:OxB4WlsyapE3C1u+h7xbz0YO5mAsmhmUSIIYD97KB/41/9gUTl3:GB4Q+XbYhmAsmDJblI/4P

Malware Config

Extracted

Family

xtremerat

C2

lover810.zapto.org

Targets

    • Target

      60385c92c7ff0da85b1d9bb132f4f762_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15