General

  • Target

    a3b714a52b4b44e4059af4818bd1593a_JaffaCakes118

  • Size

    952KB

  • Sample

    240817-xglcfs1ckb

  • MD5

    a3b714a52b4b44e4059af4818bd1593a

  • SHA1

    e2e0d2418fa8e93bd6d4fbd304e49e0174f3978a

  • SHA256

    c26da3a1ed4058696f6276b75e50c7c7f5ec679f2567390bbdbbcbf5aff595ab

  • SHA512

    6deeefc3a22024402ad9c2360fc07a2bc28b79186ab5caf9f30fa210ddfd2c713a9944c1eca7165afc0129ad414a32cc34738eaea853d80e3f9efa8e853e0d46

  • SSDEEP

    12288:ca7+7rGNrkty0fkhAlmvR7rGNrkty0fkhAMmt:cjErmyFAeRErmyFA3

Malware Config

Extracted

Family

xtremerat

C2

atjeorlife.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15