General

  • Target

    3687c9120036326541e8d0b1becf135d_JaffaCakes118

  • Size

    297KB

  • Sample

    240710-1pjqdasalm

  • MD5

    3687c9120036326541e8d0b1becf135d

  • SHA1

    eb4af057da7e05ed3ab7d83df3a2530b2ce03ba8

  • SHA256

    0e2fe3ae63efd19f88e83b118c631fb4b9ba67b3ec4edbf1804f8df95202b88f

  • SHA512

    f148718968170d8a04535dad45e38fa3f0a8bcf15cfe9cea7956bb5899aed4adf2b68bd65ad623b53876ad8347ff29037c7b875190482add0b9db85edcf7455f

  • SSDEEP

    3072:YfP4FGzopTIjywszepfklIxMwx4QJng3vsQSLHYIZ1Ot/:YfP7GdzeVkxCttgUVR+/

Malware Config

Extracted

Family

xtremerat

C2

dooont.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks