General

  • Target

    ed458ac0ebca7757e713df92814ef846_JaffaCakes118

  • Size

    549KB

  • Sample

    240411-m5761sab32

  • MD5

    ed458ac0ebca7757e713df92814ef846

  • SHA1

    069b478548f326d440ef7e9baff327521f4f184b

  • SHA256

    78a5abed54c6e876ae1e18ffaf1bc2b17d925104043a51fff10e3f80a7cde403

  • SHA512

    e5c2dac6897e1f568ffab20c11ef3151bc1204659dfce228e7ac8d1c3e71b582a678a74df4b0967155e904f5a3a610d342ce93f018a4f7f15bc1d2083941025a

  • SSDEEP

    1536:KdC8MmkY7Xf9xk7/iY3j0jyTph5KRl28QBCBhSZlsffZxEJC5:KdCYz6H4sQKhMBhSUJxEG

Malware Config

Extracted

Family

xtremerat

C2

katrena1986.no-ip.biz
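The extracted config gives two actionable indicators: the file hashes in the General section and the C2 hostname. The script below is an added example, not part of the sandbox report, showing how to turn them into a check over DNS logs and file contents. The DNS log lines and the dynamic-DNS suffix list are constructed for illustration; the hashes and C2 domain are copied from the report above.

```python
"""Match the indicators from this report against DNS query logs and file bytes.

Added example, not part of the sandbox report. The DNS log and the dynamic-DNS
suffix list are constructed for illustration; the IOCs come from the report.
"""
import hashlib

# Indicators taken verbatim from the report.
REPORT_HASHES = {
    "md5": "ed458ac0ebca7757e713df92814ef846",
    "sha1": "069b478548f326d440ef7e9baff327521f4f184b",
    "sha256": "78a5abed54c6e876ae1e18ffaf1bc2b17d925104043a51fff10e3f80a7cde403",
}
C2_DOMAIN = "katrena1986.no-ip.biz"

# Dynamic-DNS suffixes commonly abused by commodity RATs. Assumption: this list
# is illustrative and not exhaustive; tune it to your environment.
DYNDNS_SUFFIXES = (".no-ip.biz", ".no-ip.org", ".ddns.net", ".hopto.org", ".zapto.org")

# Constructed DNS query log: one "<timestamp> <client> <qname>" record per line.
SAMPLE_DNS_LOG = """\
2024-04-11T10:01:02Z 10.0.0.15 update.microsoft.com
2024-04-11T10:01:09Z 10.0.0.15 katrena1986.no-ip.biz
2024-04-11T10:02:44Z 10.0.0.22 someuser.ddns.net
2024-04-11T10:03:10Z 10.0.0.15 KATRENA1986.NO-IP.BIZ.
"""


def normalize(qname):
    """Lower-case and strip the trailing dot so 'X.' and 'x' compare equal."""
    return qname.strip().rstrip(".").lower()


def classify_query(qname):
    """Exact C2 hit beats the weaker dynamic-DNS heuristic."""
    q = normalize(qname)
    if q == C2_DOMAIN:
        return "c2_match"
    if any(q.endswith(suffix) for suffix in DYNDNS_SUFFIXES):
        return "dyndns"
    return None


def scan_dns_log(text):
    """Return (client, normalized qname, verdict) for every flagged record."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records rather than crash on them
        _ts, client, qname = parts
        verdict = classify_query(qname)
        if verdict:
            hits.append((client, normalize(qname), verdict))
    return hits


def hash_file_bytes(data):
    """Compute the same three digests the report lists, for comparison."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data):
    """True only if every digest agrees with the report (no partial matches)."""
    return hash_file_bytes(data) == REPORT_HASHES


if __name__ == "__main__":
    for client, qname, verdict in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{verdict:10} {client:12} {qname}")
```

The normalization step matters in practice: resolver logs often record the fully qualified name with a trailing dot and mixed case, and a naive string compare against the report's C2 would miss the second hit. A dynamic-DNS suffix match is only a lead, not a verdict, since no-ip and similar providers host plenty of legitimate traffic.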

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT is a commodity remote access trojan written in Delphi; it was developed by xtremecoder and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Suspicious use of SetThreadContext
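The "UPX packed file" signature above is, at its simplest, a check of the PE section table: stock UPX names its sections UPX0 (the empty, virtual-only region the unpacked image is written into), UPX1 (the compressed payload) and sometimes UPX2. Modified UPX builds rename those sections, so a practitioner usually pairs the name check with the structural tell (first section has no raw data but a non-zero virtual size) plus a high-entropy section. The code below is an added example, not the sandbox's own signature logic; it constructs a minimal PE header in memory so it runs without the sample, and the entropy threshold of 7.0 bits per byte is an assumption.

```python
"""Detect UPX-style packing from a PE section table, with an entropy fallback
for modified UPX builds that rename sections.

Added example, not the sandbox's signature code. The PE images are constructed
in memory by build_pe(); the 7.0 bits/byte entropy threshold is an assumption.
"""
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data):
    """Parse the section table; return [(name, virtual_size, raw_size, raw_ptr)]."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16.
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0"), vsize, rsize, rptr))
    return sections


def shannon_entropy(buf):
    """Bits per byte; 8.0 means uniformly distributed, typical of compressed data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_verdict(data, entropy_threshold=7.0):
    """'upx' on stock section names, 'probably_packed' on the structural+entropy
    heuristic, otherwise 'unpacked'."""
    secs = pe_sections(data)
    if {s[0] for s in secs} & UPX_SECTION_NAMES:
        return "upx"
    # Modified UPX: first section is virtual-only (raw size 0, virtual size > 0)
    # and some later section holds a high-entropy compressed blob.
    empty_first = bool(secs) and secs[0][2] == 0 and secs[0][1] > 0
    if empty_first:
        for _name, _vsize, rsize, rptr in secs:
            if rsize and shannon_entropy(data[rptr:rptr + rsize]) >= entropy_threshold:
                return "probably_packed"
    return "unpacked"


def build_pe(section_names, payload):
    """Construct a minimal PE (no optional header) for testing: every section
    except the last is virtual-only; the last carries `payload` as raw data."""
    nsec = len(section_names)
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 0, 0x102)
    raw_ptr = e_lfanew + 4 + 20 + 40 * nsec
    headers = b""
    for i, name in enumerate(section_names):
        rsize = len(payload) if i == nsec - 1 else 0
        headers += struct.pack(
            "<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
            rsize, raw_ptr if rsize else 0, 0, 0, 0, 0, 0x60000020,
        )
    return dos + b"PE\0\0" + coff + headers + payload


if __name__ == "__main__":
    compressed_like = bytes(range(256)) * 16  # constructed high-entropy blob
    print(upx_verdict(build_pe([b"UPX0", b"UPX1", b".rsrc"], compressed_like)))
    print(upx_verdict(build_pe([b".text", b".data"], compressed_like)))
    print(upx_verdict(build_pe([b".text"], b"A" * 4096)))
```

Both checks are heuristics. The section-name match is trivially evaded by editing eight bytes, and the entropy fallback will also fire on legitimate binaries that embed compressed or encrypted resources, so treat "probably_packed" as a reason to unpack and look further, not as a verdict on its own.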
