General

  • Target

    73d8c52be592c824feba5972f2cf667c_JaffaCakes118

  • Size

    104KB

  • Sample

    241024-p7y28sscpr

  • MD5

    73d8c52be592c824feba5972f2cf667c

  • SHA1

    019fc0384b4ebb1b6827e4bca059bace76b4d32b

  • SHA256

    207a05af8f582c537534cb791a813e42791511c00938e5bf52ade2cbe225394a

  • SHA512

    c9b7e9c5a32fb184b6287d9ab226141712e964bb11f85e0fb002f81e6a31e4b90788877e8dc8699eb66781e25579b5343756078acad83980cbd3f8b25506d2e2

  • SSDEEP

    1536:e2ghaZcYZqJC3xdTOuWrdhoh8SHtNeuH21OfyerBjxwX:eHaZ0JKZWxhPSNNMOfbBo

Malware Config

Extracted

Family

xtremerat

C2

bahoz.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks