General

  • Target

    cfaf2f9f41187d2c3bde26abd44943ed_JaffaCakes118

  • Size

    71KB

  • Sample

    241206-31raps1kem

  • MD5

    cfaf2f9f41187d2c3bde26abd44943ed

  • SHA1

    0adf4ec0d322e9c4276c87e8e6a08cf41da60d54

  • SHA256

    53650090b9038f83f9d9cb64768876abf59f6c0ad22fbb97050644ef09841a7a

  • SHA512

    a6ce8955690870b4fe85a2bf78085e2a97f17a834b83f46fc6ae29c51bdfc5417058b60400e93c7b3c05fc4e1511c73424a8c9d3b668f8e56a19f42a9721e962

  • SSDEEP

    1536:ObtbI4ZmN264cDWrZ9q5npFy5k1ufvrMK9SCgCnOV35:ObV4WrZIlKkAfvrMKthIp

Malware Config

Extracted

Family

xtremerat

C2

Create sebirkan99.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks