General

  • Target

    372e83d00c19fa37164a018f84252e52_JaffaCakes118

  • Size

    89KB

  • Sample

    240711-brs96a1brq

  • MD5

    372e83d00c19fa37164a018f84252e52

  • SHA1

    1487cbd13208c85fe71f0dbc13a20e0bfc0016ff

  • SHA256

    d636adc0e3691926f3a65a2756f3836485416db0e783a02c753bac7f442ba473

  • SHA512

    b5e3b3bc69774c77de8c1381bf31d04122075961288617a5c28e5ca52b661032498ea392ecf52d4e9c9fd66c3aa7151bc0bd00f5535f760393deebd7b4677821

  • SSDEEP

    1536:RrEUEVDF4VR5YJBCL3ce5ncyzG23UbuasNPp4brEJi0oZODVh4Px71y8xmwciuX1:RrEvb4VROJBCL3ce5ncyzG23UbuasNPn

Malware Config

Extracted

Family

xtremerat

C2

black100.no-ip.biz

cantstop.no-ip.biz

Targets

    • Target

      372e83d00c19fa37164a018f84252e52_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks