General

  • Target

    40b6f13bed6b09c146417e8753d79bd9_JaffaCakes118

  • Size

    40KB

  • Sample

    240713-h61q4stejf

  • MD5

    40b6f13bed6b09c146417e8753d79bd9

  • SHA1

    c0559e5ad553acb98f45f39e7fb2805e0aa13e14

  • SHA256

    264f08b329d4410271eff83db3198f7f42cc1fb7996878ebc2dea102d1b6f8e8

  • SHA512

    798703737ae7450b57651b31e5c06cfe757c1f37338dfdb02fd9e21d89660ef93dc8f303290913c0b1a07417ba6b89b09505ec6cad9af0a881fa8eeeb1af96aa

  • SSDEEP

    768:jjups9Xmn9VyMltWqPsJQYCOGpVTY6gAmi/GYkNCK0mJGPJxMLoIi:IiWnWjqP0QYzGp7ghCkd0mJV

Malware Config

Extracted

Family

xtremerat

C2

www.youtube.com

lifehelp.sytes.net

Targets

    • Target

      40b6f13bed6b09c146417e8753d79bd9_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks