General

  • Target

    40cfb98a492bc887ae1e5aed7aa5f184_JaffaCakes118

  • Size

    400KB

  • Sample

    240713-jpbw4avcka

  • MD5

    40cfb98a492bc887ae1e5aed7aa5f184

  • SHA1

    2e485de356f958b6bf9eaf7e98ae2d42675fe684

  • SHA256

    6847aa8cfb666661614dfb94c7625102891ca228fb138409d88f43db4537872b

  • SHA512

    0409c1c39621f729c75f16c31b83bacd5429cf6767f606b44ec013f9a2c200b497a19e530f22f7de47fac3e0813a15ddce56a92d38c78979d5b2b00984b971ad

  • SSDEEP

    3072:Y44rj/toaaO5FoxwXWBBZZdXWBBZZJszMoPxW:jSLxLXWBBZZdXWBBZZNoPxW

Malware Config

Extracted

Family

xtremerat

C2

optionsk.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks