General

  • Target

    35ae668959c6e65383603977430538b1_JaffaCakes118

  • Size

    221KB

  • Sample

    240710-vznt7asgja

  • MD5

    35ae668959c6e65383603977430538b1

  • SHA1

    5f1f0ea8272657650dab5738e28c82a503d7dfb0

  • SHA256

    308ac25b629722963b80d1cd8f652c1df46b8e5e4dceebda330714faf533018a

  • SHA512

    802da6ba428e17e086bb1c850404d5cc6094b89d5c56413bec225157956d6f6fd8d0eb403b091d2bdf2ffdce3b717229d6d2bb8c0817e976faaf8ac997ad4490

  • SSDEEP

    3072:AxexkMNY+4n8iVMMS+3Gso2APwDPvZMQ8WEeMPwZ7PimjYlx+F2wz:g6k/+4nNv2vIDWzoSMK0T2wz

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    lepra.sytes.net

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks