General

  • Target

    40b107a71805ea594a505660705afcd7_JaffaCakes118

  • Size

    33KB

  • Sample

    240713-h2zm9atclb

  • MD5

    40b107a71805ea594a505660705afcd7

  • SHA1

    f9474b6dc786a7c314aa01907c765a6277d65702

  • SHA256

    14afcde38e2a17926b086153747e3292e128cc4a49c691e76c5f62f621ebd334

  • SHA512

    4ee084877ed570ee531073fa5a60bafd6a66fd779d9be06804a3611afbb4fda835d83b0d42b1306ac46a3bae6cdcb0852de58b37eb32f933e06d7d8b1286f211

  • SSDEEP

    768:gMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lLLSPi8S:pNW71rcYDAWeotvXlLLSPn

Malware Config

Extracted

Family

xtremerat

C2

Gdoit192.no-ip.info

Targets

    • Target

      40b107a71805ea594a505660705afcd7_JaffaCakes118

    • Size

      33KB

    • MD5

      40b107a71805ea594a505660705afcd7

    • SHA1

      f9474b6dc786a7c314aa01907c765a6277d65702

    • SHA256

      14afcde38e2a17926b086153747e3292e128cc4a49c691e76c5f62f621ebd334

    • SHA512

      4ee084877ed570ee531073fa5a60bafd6a66fd779d9be06804a3611afbb4fda835d83b0d42b1306ac46a3bae6cdcb0852de58b37eb32f933e06d7d8b1286f211

    • SSDEEP

      768:gMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lLLSPi8S:pNW71rcYDAWeotvXlLLSPn

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks