General

  • Target

    dd5e6030d58c06eefa009462eca2dd79_JaffaCakes118

  • Size

    39KB

  • Sample

    241210-gx614a1kgm

  • MD5

    dd5e6030d58c06eefa009462eca2dd79

  • SHA1

    4a2b284b304ee39256f3650836118554ea2b8579

  • SHA256

    56ada6719c45c3ef447a57c7b63c52892f2db11713a09d43434a15c16f95d66f

  • SHA512

    49392830866f02dad7c8b97df410baeb611e7b509aba8d1598518621387b56b2866e46e646e3b76486c10d751a5208287de316a9e0e9fffc700deac317475d59

  • SSDEEP

    768:uMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66l0FIB4XIcbVhb2g8h2x:LNW71rcYDAWeotvXl044XIcHb2g8h

Malware Config

Extracted

Family

xtremerat

C2

king312.no-ip.org

Targets

    • Target

      dd5e6030d58c06eefa009462eca2dd79_JaffaCakes118

    • Size

      39KB

    • MD5

      dd5e6030d58c06eefa009462eca2dd79

    • SHA1

      4a2b284b304ee39256f3650836118554ea2b8579

    • SHA256

      56ada6719c45c3ef447a57c7b63c52892f2db11713a09d43434a15c16f95d66f

    • SHA512

      49392830866f02dad7c8b97df410baeb611e7b509aba8d1598518621387b56b2866e46e646e3b76486c10d751a5208287de316a9e0e9fffc700deac317475d59

    • SSDEEP

      768:uMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66l0FIB4XIcbVhb2g8h2x:LNW71rcYDAWeotvXl044XIcHb2g8h

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks