General

  • Target

    3f34af7044c3fec1c9b0f19aefd912b0_JaffaCakes118

  • Size

    463KB

  • Sample

    240712-2wpqmsthkr

  • MD5

    3f34af7044c3fec1c9b0f19aefd912b0

  • SHA1

    d063bb4ee09427650964630baf5310970dce6558

  • SHA256

    21aecb10b3c00e889d5ec02599453693f58202c05d474e79b180c73eee7aa4cd

  • SHA512

    17b52bf3eded19480f05380db1ab42b1c95f2124cc46ec8d36407044dc2d128ead0508cac0d5b5343117674e27826570a71861630d896fbce7f326d9c3746814

  • SSDEEP

    12288:eElAsBY7tsSu4w/5cLZqEzTIm4Xw+ulHH0:eOGps445cLZxIHXwl0

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks