General

  • Target

    40dcae8ca7b8fdca2910659c36146277_JaffaCakes118

  • Size

    283KB

  • Sample

    240713-jzr13ashlr

  • MD5

    40dcae8ca7b8fdca2910659c36146277

  • SHA1

    11b6800d56d2ce79a918e218d6619b238fe79946

  • SHA256

    f91931e87c589998fc0fff289707e040d25ad00c682cb91f164c2e997eaaab07

  • SHA512

    ffd3f3b3745b583a91c0a996f64ca56d9ba9b71855771fa404a6d7a0a48e6d93aacf0d6f413a154ec53917ba0492453191385e20a0285d30b114cada37a0ab68

  • SSDEEP

    768:QGsdq7QJTlbUP3EwomeRih8jLlLDhKDSGU2+rD7+SLgEHYX:Dsdq7QgP0ZNWb+nYX

Malware Config

Extracted

Family

xtremerat

C2

fons.no-ip.info

C:\Users\Publfons.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks