General

  • Target

    a74c656d1c716b692eec83cb56e5c4cf_JaffaCakes118

  • Size

    644KB

  • Sample

    241127-l4wk6aypfy

  • MD5

    a74c656d1c716b692eec83cb56e5c4cf

  • SHA1

    63cb55268b9a7e9ed2a709958e7b2428417e4075

  • SHA256

    3b3ada4812ca591b4d87b4acb4a8cae43250cca8fdab12c8f2f38da0357a96c0

  • SHA512

    a2c951669a2882825e0f0e88a36e59cf3c37399d0b8eda3dbb86264b2a68472541de8eee97dd23d56bb5993502f01d81ccf35c3cd57e747a6d743bc4ac6352a6

  • SSDEEP

    12288:wiqEYyEuCehVyDYPPiL2FkcRd1tGdQQXrUDSeQQd9oGLRwmUwTdqDP:wvh/9klHiSFnRdP3QYSel9Z+mUwQP

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    franciscoldb.no-ip.org

Targets

    • Target

      a74c656d1c716b692eec83cb56e5c4cf_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Checks BIOS information in registry

      BIOS information is often read from the registry to detect sandbox and virtualised analysis environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks