General

  • Target

    38d465057d42acd30c455fd0d629e3da_JaffaCakes118

  • Size

    172KB

  • Sample

    240711-m1rcpswbng

  • MD5

    38d465057d42acd30c455fd0d629e3da

  • SHA1

    51020afaecbb5efa6c6fc73f0e81e6eb7de6e350

  • SHA256

    00de3944ce277484c8a9d375e13ac7c129ce0a8aca25c72d53b34e305852099f

  • SHA512

    347a8b5de37202978bb0f889c10958d0a7bfaea258238643a2b5f22da071e73c3265fc737e65e11c3626be8e65be3a80e0e365fb446876f376e42fb30981c876

  • SSDEEP

    1536:iyguAiQ/cBJWumC7ZRtSjGN4HfrJTjV99/V3YAPk3gA9aUZ:ifiQUShCMJvh/hA3gMZ

Malware Config

Extracted

Family

xtremerat

C2

alsfa7.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks