General

  • Target

    3d3bb544355fab6e8febe0db30004995_JaffaCakes118

  • Size

    89KB

  • Sample

    240712-nt4vwstgqa

  • MD5

    3d3bb544355fab6e8febe0db30004995

  • SHA1

    4777a91e63606e04e2ff583f70d72d967fd14721

  • SHA256

    71f5810eb5a53cd17fb21e06ea022a42ecc2dd5f243570ef819c160cebd48cfa

  • SHA512

    387aadfd7c9025aa77879396ba18525a16dcce98ef8be9ff1f926e5f29f61a0779ee60fffdabcfb624fc7961c25551ef416382a7dc9cc5b98c1c1e38564196a8

  • SSDEEP

    1536:RagPchKOGOx4SDj2Ze5B7+OVaYPo+TFLlw/PlY3ZyGM:QgPchKOGzSXDR+OdPPQn+a

Malware Config

Extracted

Family

xtremerat

C2

xstreme.no-ip.org

Targets


    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Suspicious use of SetThreadContext
