General

  • Target

    3fc91b904a595426ff3d835d00868bcf_JaffaCakes118

  • Size

    85KB

  • Sample

    240713-clltkatdjf

  • MD5

    3fc91b904a595426ff3d835d00868bcf

  • SHA1

    97799b06d035afe53ead191d7a96d08410bf274d

  • SHA256

    1e2c3bb17e3628ef98870c67fd217506265b2c94e44182b70bde58e8697e7333

  • SHA512

    5a92ef78e8b76739709a2b415eaefb21248592f7d063cc1193d56eaafb6c51728045d9115d849c7a878283300f04817ca80c49def69c4f1602edcbe4a2011caa

  • SSDEEP

    1536:+VNEfxvOYM9zqqYyIow2MJCZ7iqHWWzpatef6O0+DZFT+ePL0Vf7ds2IcYX9nNgL:UE9lwdYyIow2MJCZ7idewtUY+fT+ePLy

Malware Config

  • Extracted

  • Family

    xtremerat

  • C2

    franco1.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks