General

  • Target

    9414d0122883037eb97e8f678de853a5_JaffaCakes118

  • Size

    142KB

  • Sample

    241124-mh2qqavqcz

  • MD5

    9414d0122883037eb97e8f678de853a5

  • SHA1

    9bf1b6c180885052dcbadde767ac07c8637fe4aa

  • SHA256

    d4b3b42b4b08f3cfc8797e45d3d91901681bc4eff4a45e2254c4faa6820a21ca

  • SHA512

    aba06c12a466950e787630dbc8a7597b12f2a1e370770f1d755d0d83c57213c85aaa3543002ffc068435c43fbf1c3fccb01c9a5c775a2569e747c833502ce062

  • SSDEEP

    1536:ISU77zF16QvCkFbmn2DHXIe1M0OA8F8Two0zCf4O1LhrUaNXCkxop7P8KH90q:ISyCQvCkFbA72hl0zCA+LpE7EEf

Malware Config

Extracted

Family

xtremerat

C2

l1merain.zapto.org

Targets

    • Target

      9414d0122883037eb97e8f678de853a5_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks