General

  • Target

    38ad31732411d7687e516cc568cdf109_JaffaCakes118

  • Size

    483KB

  • Sample

    240711-l37xssthna

  • MD5

    38ad31732411d7687e516cc568cdf109

  • SHA1

    433eae746eabd5d2d5035bc1737396fe3cf0b562

  • SHA256

    982a254f0e3c96b008a2b06e46e9d3f09b1902cdfe5a16e625fbe53c4aa1ba12

  • SHA512

    6465d042944e3e345e56ca5cd04387dffbf3f1130cdb7a2f1d1a4c5f42fc0e561766d876f743ac2106287e577ce8234bcbc9c490f05c1109f99229afa0eb53bd

  • SSDEEP

    12288:yZKhjuTzjm5EavubYMSDAAJPjQXAE9+IYToBE/o:2wuTzK5FvubL8jbQXAE9+IYeyo

Malware Config

Extracted

Family

xtremerat

C2

hot-pics.hopto.org
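The extracted configuration above gives two kinds of indicator worth operationalising: the file digests, which identify this exact sample on an endpoint, and the C2 hostname, which shows up in DNS or proxy telemetry when the RAT beacons. The block below is an added example, not code from the report or from the sandbox vendor: it carries the report's hashes and C2 domain as an IOC set, verifies a candidate file against all three digests at once, and runs the domain check over a few constructed DNS log lines (the log format and the client IPs are made up for the demo). Note that the check deliberately matches `hot-pics.hopto.org` and its subdomains but not the `hopto.org` dynamic-DNS zone as a whole, which would flag every No-IP user.

```python
"""Added example: IOC matching for the hashes and C2 listed in the report.
The DNS log lines are constructed for the demo; the IOC values are the
report's own."""
import hashlib

# Digests copied from the report's "General" section.
IOC_HASHES = {
    "md5": "38ad31732411d7687e516cc568cdf109",
    "sha1": "433eae746eabd5d2d5035bc1737396fe3cf0b562",
    "sha256": "982a254f0e3c96b008a2b06e46e9d3f09b1902cdfe5a16e625fbe53c4aa1ba12",
}
# Extracted C2 from the report's "Malware Config" section.
IOC_C2_DOMAINS = {"hot-pics.hopto.org"}

# Constructed DNS log (timestamp, client, "query", record type, qname).
DNS_LOG = """\
2024-07-11T13:37:01Z 10.0.0.15 query A hot-pics.hopto.org.
2024-07-11T13:37:02Z 10.0.0.15 query A HOT-PICS.HOPTO.ORG
2024-07-11T13:37:05Z 10.0.0.22 query A updates.example.com
2024-07-11T13:37:09Z 10.0.0.31 query A hopto.org
2024-07-11T13:37:10Z 10.0.0.31 query A nothot-pics.hopto.org
"""


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only when every listed digest agrees. Requiring all three means a
    single weak algorithm (MD5) is never the sole basis for an identification,
    and a partial match points at a transcription error, not at this file."""
    got = hash_file_bytes(data)
    return all(got[algo] == expected.lower() for algo, expected in IOC_HASHES.items())


def normalize_qname(name: str) -> str:
    """Lower-case and strip the trailing dot that DNS logs often carry."""
    return name.rstrip(".").lower()


def is_c2_domain(name: str) -> bool:
    """Match the C2 host itself or any label underneath it, but not the
    parent dynamic-DNS zone and not look-alike hosts sharing a suffix."""
    qname = normalize_qname(name)
    return any(qname == c2 or qname.endswith("." + c2) for c2 in IOC_C2_DOMAINS)


def find_c2_lookups(log_text: str) -> list:
    """Return (client, qname) pairs for every query that resolves to the IOC set."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "query":
            continue  # not a query record in the constructed format
        client, qname = parts[1], parts[4]
        if is_c2_domain(qname):
            hits.append((client, normalize_qname(qname)))
    return hits


if __name__ == "__main__":
    for client, qname in find_c2_lookups(DNS_LOG):
        print(f"C2 lookup from {client}: {qname}")
    print("hashes of an empty file:", hash_file_bytes(b""))
```

On a real file, read it in binary mode and pass the bytes to `matches_sample`; SSDEEP is omitted because it needs a third-party library, and a fuzzy-hash score is a similarity hint rather than an identification anyway.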

Targets

    • Target

      38ad31732411d7687e516cc568cdf109_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications and is sometimes used as a sandboxing environment; the sample looks for Wine registry keys so it can tell it is under analysis.

    • Themida packer

      Detects Themida, a commercial Windows software protection and packing system; the protected code has to be unpacked before static analysis is meaningful.
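The Wine signature above describes a registry-based environment check. The block below is an added illustration, not code from the sample or from the report, of what such a check looks like and why it matters to the analyst: a Wine-backed sandbox that leaves the `Software\Wine` key visible will be recognised and the sample may never reach its real behaviour. The report does not say which keys this sample probes; `HKEY_CURRENT_USER\Software\Wine` is the key commonly used for this purpose and is assumed here. The registry opener is injectable so the logic can be exercised against a constructed key set on any platform.

```python
"""Added example: a Wine-detection check via registry keys, written so the
probe logic can be tested without a Windows registry. Which keys the sample
in the report actually checks is not stated; the key below is an assumption."""
try:
    import winreg  # only available on Windows
except ImportError:
    winreg = None

# Keys whose presence indicates a Wine prefix rather than a real Windows
# install. Extend the list as needed; only the HKCU key is assumed here.
WINE_KEYS = [
    ("HKEY_CURRENT_USER", r"Software\Wine"),
]


def key_exists_winreg(hive_name: str, path: str) -> bool:
    """Probe the live registry (Windows only) for a key's existence."""
    hive = getattr(winreg, hive_name)
    try:
        winreg.CloseKey(winreg.OpenKey(hive, path))
        return True
    except OSError:
        return False


def wine_detected(key_exists=None):
    """Return the first Wine indicator key found, or None.

    `key_exists(hive_name, path) -> bool` may be supplied to probe something
    other than the live registry, e.g. a constructed set of keys in a test."""
    if key_exists is None:
        if winreg is None:
            return None  # not Windows: nothing to probe
        key_exists = key_exists_winreg
    for hive_name, path in WINE_KEYS:
        if key_exists(hive_name, path):
            return f"{hive_name}\\{path}"
    return None


def make_fake_registry(present_keys):
    """Build a key_exists callback over a constructed set of (hive, path)."""
    present = {(h, p.lower()) for h, p in present_keys}
    return lambda hive_name, path: (hive_name, path.lower()) in present


if __name__ == "__main__":
    print("live check:", wine_detected())
    fake = make_fake_registry([("HKEY_CURRENT_USER", r"Software\Wine")])
    print("constructed Wine prefix:", wine_detected(fake))
```

For detonation, the practical consequence is the inverse of the check: run the sample on a real Windows VM, or at least confirm that the environment does not expose Wine's registry namespace, before concluding that a non-detonating sample is benign.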

MITRE ATT&CK Enterprise v15

Tasks