General

  • Target

    3ef048400dedc33a8b542c37e8c88f8e_JaffaCakes118

  • Size

    114KB

  • Sample

    240712-z9p78a1bkq

  • MD5

    3ef048400dedc33a8b542c37e8c88f8e

  • SHA1

    17f023771d1fb12a738f12260005a4157ac5c647

  • SHA256

    34558fb35a6b19a4b1de1e5001f1e60205cb34336765fbf2dee46dfb843595bd

  • SHA512

    bf5f01c581456926a6805be1b765ccb632f6d9800168ba3fae3dc53e62006c70a6ab11b1443d251f23b79275093a33d7587282eea5709793110715cc08dcacbd

  • SSDEEP

    1536:D4+OCECjSYSTj3xeP8KD6FiJrA4LRGaRYEGc8jUVG4t0afZQ8rr98Kdy:DGCjDSMPVDtJNlGaRY1TjU0afZHr6Kdy

Malware Config

Extracted

Family

xtremerat

C2

princedz.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks