General

  • Target

    db5aef4f5492fbe3b91ee8378990fda8_JaffaCakes118

  • Size

    61KB

  • Sample

    241209-y2yzqazlcs

  • MD5

    db5aef4f5492fbe3b91ee8378990fda8

  • SHA1

    4f8cfbc766546c901db03e5caf6f8ee68eac80f2

  • SHA256

    c78f808fa6c3a643232b4d3c5f88e2b396e1ffca54d42ddd2771fe70a222fa3f

  • SHA512

    80b07f0a6a4a7e66a6fd7151e05fa68b0b7860a486735820d233a7505f0bc341cf0fd84a047fe7bccdb831b931cf70cbd6a7b1e5d9b5645494c6dd0f69287f12

  • SSDEEP

    1536:pT8qDqQ8K9MKhuiUMKgP2koJxg8tl5NXx:tqMyKQLLg8/V

Malware Config

Extracted

Family

xtremerat

C2

amhi.no-ip.info

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Deletes itself

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks