General

  • Target

    c79b5e7ac9336d4b2398fc6d59183e28_JaffaCakes118

  • Size

    783KB

  • Sample

    241205-n939astmgy

  • MD5

    c79b5e7ac9336d4b2398fc6d59183e28

  • SHA1

    3578d764f478110a10313e91025e8ac934c96b5f

  • SHA256

    383b185ca47e74c648ef824b9158f0a7a58772863ec4292f01d3e55c12218baf

  • SHA512

    0acd499658d1404eb34d90e31f5149768d020289fe6dc757488d8a4745896b4d7a93efd43086aca7cf8bc895391ba0db4c7638510b350113ecf08556dd347476

  • SSDEEP

    12288:Yo2iE8n9yXz4LSiecUoSkBBjjPOMccUXas2HFGpQdyRTWAz:pb9yhrgHPFccAH2HFC5z

Malware Config

Extracted

Family

xtremerat

C2

nerozhack.ddns.com.br

alonedevil.no-ip.org

gameszero.dyndns.org

Targets

    • Target

      c79b5e7ac9336d4b2398fc6d59183e28_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Drops file in Drivers directory

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
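The report above gives a responder three things to act on: the sample's digests, the extracted xtremerat C2 hostnames, and the behavioural signatures (Run key persistence, UPX packing). The following Python is an added triage example, not part of the sandbox report or the sandbox's own code. It verifies a local file against the listed hashes, matches DNS queries against the C2 hosts (including subdomains and trailing-dot or mixed-case forms), filters registry writes to Run/RunOnce keys, and applies a cheap UPX heuristic. The DNS log format, the registry event dictionaries and the sample data at the bottom are constructed for the demo; the `looks_upx_packed` heuristic is an assumption and will miss a modified UPX that renames its sections, as the signature text allows for.

```python
"""Triage helpers built from the indicators in the sandbox report (added example)."""
import hashlib
import re

# Indicators copied from the report: the sample's digests and the xtremerat C2 hosts.
SAMPLE_HASHES = {
    "md5": "c79b5e7ac9336d4b2398fc6d59183e28",
    "sha1": "3578d764f478110a10313e91025e8ac934c96b5f",
    "sha256": "383b185ca47e74c648ef824b9158f0a7a58772863ec4292f01d3e55c12218baf",
}
C2_HOSTS = {"nerozhack.ddns.com.br", "alonedevil.no-ip.org", "gameszero.dyndns.org"}

# Keys the "Adds Run key" signature refers to: ...\CurrentVersion\Run or \RunOnce under any hive.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists so a local copy can be compared."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matches_sample(data: bytes) -> bool:
    """True only if every listed digest agrees; an MD5 match alone is not enough."""
    digests = hash_bytes(data)
    return all(digests[algo] == value for algo, value in SAMPLE_HASHES.items())


def normalize_qname(qname: str) -> str:
    """Lower-case and strip the trailing dot so 'HOST.org.' matches 'host.org'."""
    return qname.strip().lower().rstrip(".")


def c2_host_for(qname: str):
    """Return the C2 host that qname equals or is a subdomain of, else None."""
    name = normalize_qname(qname)
    for host in C2_HOSTS:
        if name == host or name.endswith("." + host):
            return host
    return None


def c2_hits(log_lines):
    """Scan DNS log lines in the constructed form '<ts> <client> <qtype> <qname>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines instead of aborting the scan
        host = c2_host_for(fields[3])
        if host:
            hits.append((fields[1], host))
    return hits


def run_key_events(events):
    """Keep only registry value writes whose key is a Run or RunOnce key."""
    return [e for e in events
            if e.get("op") == "SetValue" and RUN_KEY_RE.search(e.get("key", ""))]


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic (assumption): stock UPX leaves UPX0/UPX1 section names and a 'UPX!' marker.
    A modified UPX may rename these, so a False result proves nothing."""
    return b"UPX!" in data and (b"UPX0" in data or b"UPX1" in data)


# Constructed demo data (not taken from the report).
SAMPLE_DNS_LOG = [
    "2024-12-05T10:11:12Z 10.0.0.5 A www.example.com",
    "2024-12-05T10:11:13Z 10.0.0.5 A ALONEDEVIL.no-ip.org.",
    "2024-12-05T10:11:14Z 10.0.0.7 A update.gameszero.dyndns.org",
    "2024-12-05T10:11:15Z 10.0.0.7 A notgameszero.dyndns.org",
]
SAMPLE_REG_EVENTS = [
    {"op": "SetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "example", "data": r"C:\example\payload.exe"},
    {"op": "SetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "value": "example", "data": "1"},
]

if __name__ == "__main__":
    print("C2 hits:", c2_hits(SAMPLE_DNS_LOG))
    print("Run key writes:", run_key_events(SAMPLE_REG_EVENTS))
    print("empty file matches sample:", matches_sample(b""))
```

To check a file on disk, pass its bytes to `matches_sample`; the fourth digest (SHA512) is still computed by `hash_bytes` for the record even though only the three the report lists are compared. The DNS matcher compares the normalized query name against each host and its subdomains, so `notgameszero.dyndns.org` is correctly not a hit.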

MITRE ATT&CK Enterprise v15

Tasks