General

  • Target

    6237e15f80aa4efaba522266e21f1231_JaffaCakes118

  • Size

    61KB

  • Sample

    240722-bqx7qathqd

  • MD5

    6237e15f80aa4efaba522266e21f1231

  • SHA1

    07425f44f698327862d73f04979c140d91ef72a1

  • SHA256

    41399a57047307bb72a07d8e0f496bc22b69121692874dd9ef32d1f7bd2ae1c2

  • SHA512

    f5a8b9e19b70a37ed11dcb7f11be52b0a7a6c4cb85e9b3c3c051466052268dbd1a0a5435cc52d043ee22179e238a38b868910bd8432f6f015166a43bc71b7752

  • SSDEEP

    1536:9nykUEDRiAIbAIp59Fdo8Ee27SrPIEdCOBu2EFGP2N0MJud:9gIu9tiebrPXdCOBDOGPuw

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    angham.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks