General

  • Target

    e75adde386505df699c22e87cc73e105_JaffaCakes118

  • Size

    52KB

  • Sample

    241212-vd8x8ssmhj

  • MD5

    e75adde386505df699c22e87cc73e105

  • SHA1

    4bcc42b49f3796acd5e3ba1e848c115adda2f9c3

  • SHA256

    a7626bffd9e9cb6c9e8be8081dee3ef9ed4178de7335a9285d748594ea2b306a

  • SHA512

    3118d25d4670c30d671e09a73b422539b50e7022f9f9044c343fff4a2dc66446871bfbcd35144d61eca7ead21dd2142a559664da69dd34578843ef3f3c03c32e

  • SSDEEP

    768:/JMuijtHf5g7/IIG3bGcYDBSvFIWuePQDGEsgQhiQAqrElEdETkTWOf20:/CNW71rcYDAWeoDrsxiQxeL0

Malware Config

Extracted

Family

xtremerat

C2

joker01.zapto.org

Targets

    • Target

      e75adde386505df699c22e87cc73e105_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks