General

  • Target

    d7a32826a8931724221b193e9f448b04_JaffaCakes118

  • Size

    1.0MB

  • Sample

    241208-sc7yfa1rer

  • MD5

    d7a32826a8931724221b193e9f448b04

  • SHA1

    a284d56bcfb9f82177deaed765bda78d260f5d47

  • SHA256

    f62cce747b4d393e3d2ab03f14ec4412f882333da5cce7a7bb368f4495cb8c19

  • SHA512

    8709b4f9083cbd8b899b97ac12498d1ffd12081bfbe368073de397dfa861357b8b1531a7cd6a16914fd2eeb35eab7b6d37bdc01cad8be90dc36b82dea4cb4d11

  • SSDEEP

    24576:OPze+0Pze+moJmnNg4XVMD0nDImeKvThFFmB5d:ize7zeJoJmNfND9eK7had

Malware Config

Extracted

Family

xtremerat

C2

neuromante.no-ip.org

Targets

    • Target

      d7a32826a8931724221b193e9f448b04_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
