General

  • Target: df2f1bb69ba0fd2b3e803dd867167121_JaffaCakes118
  • Size: 198KB
  • Sample: 241211-aze7ts1rbl
  • MD5: df2f1bb69ba0fd2b3e803dd867167121
  • SHA1: 05bcb05a04a1c9f12bab7ec1d3fa948818382984
  • SHA256: 84235fbb878ec80263caddba89619cc7349f1b479bf6c5f49d35e37f9b49f1a1
  • SHA512: 292e1b58c03e775a3d1fc87dee7fb68d352015c591b03e34fe082e9c8304f2acbdd9d3e02d33bfbd6a741afabba506c96d9f9008668f679659477fb3ebdd1dd0
  • SSDEEP: 6144:ZKtVKQQn+aCyIK3ccnMxjlU0gYJ1ztm/E:ZKfKFW1K3DnsfRJ9

Malware Config

Extracted

  • Family: xtremerat
  • C2: franco1.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks