General

  • Target

    JaffaCakes118_6e448daefa6866e56526c6f4c800c1fe

  • Size

    96KB

  • Sample

    250103-v1626avlhz

  • MD5

    6e448daefa6866e56526c6f4c800c1fe

  • SHA1

    3d17e51ca2bcb2fd31d2786dd6ba849614b0f6ef

  • SHA256

    454e255f32664873e097d8d7127af399d10ddb81f4c32dceb68384cb1e810448

  • SHA512

    eac43913405bcf6c7e617461edc2bae709ef48bb5e0e0327f28166d7865a79d01247ae06f2e8b3c1ef2d042e49c6721ad5240bc110f1e2c896f9bd62541ea12e

  • SSDEEP

    1536:fDUPauDads2WvSmAmiIuky5oiRfOwGB/Z+ocCFFEnrwznW3YLImLzbvWG8oRN:fNcai2wSz5No+ObBR+PCFFcrubIUn+o/

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    tutoriais157.no-ip.org

Targets

    • Target

      JaffaCakes118_6e448daefa6866e56526c6f4c800c1fe

    • Size

      96KB

    • MD5

      6e448daefa6866e56526c6f4c800c1fe

    • SHA1

      3d17e51ca2bcb2fd31d2786dd6ba849614b0f6ef

    • SHA256

      454e255f32664873e097d8d7127af399d10ddb81f4c32dceb68384cb1e810448

    • SHA512

      eac43913405bcf6c7e617461edc2bae709ef48bb5e0e0327f28166d7865a79d01247ae06f2e8b3c1ef2d042e49c6721ad5240bc110f1e2c896f9bd62541ea12e

    • SSDEEP

      1536:fDUPauDads2WvSmAmiIuky5oiRfOwGB/Z+ocCFFEnrwznW3YLImLzbvWG8oRN:fNcai2wSz5No+ObBR+PCFFcrubIUn+o/

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks