General

  • Target

    JaffaCakes118_b3f5ede5f64fc017b6cd05879dc4494b

  • Size

    94KB

  • Sample

    250413-jchtwa1mw8

  • MD5

    b3f5ede5f64fc017b6cd05879dc4494b

  • SHA1

    c882b9f0f95f383145dfd47636972f453b5702c9

  • SHA256

    52326b939dbe798f3fc4cc5ccc2e5570f88c05814c7b03811494c6cc680b872c

  • SHA512

    94944c6a4b58a8821cf0f6747c9153b194fc5f99f23015bc5c068ecbb7d2ccd69a63399e3cea04f9b68534bb46a7627d211da02633b968e6e5d554bdd5fab566

  • SSDEEP

    1536:Rj4hqn6xsETucb/vxnDm4hqn6xsETucbd/UhAPZg4X74qqLMcjfK:ehdJbg4hdJbSOgwfs

Malware Config

Extracted

Family

xtremerat

C2

hkr0550.no-ip.biz

Listahkrmoot.no-ip.biz

Listaa7bkmoot.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v16

Tasks