General

  • Target

    413ac3800e818b4959ea5f3f8916385f_JaffaCakes118

  • Size

    300KB

  • Sample

    240713-l494jsydph

  • MD5

    413ac3800e818b4959ea5f3f8916385f

  • SHA1

    e99ec98a7b286f0e23e2daa5c599cb31653982aa

  • SHA256

    5ae8177056a6a129fffdd63059f1021ed75424d2c64f5e22214af3b604532609

  • SHA512

    0fe3e83f66584666f2f30795783894a8b9903d26cedbdee9e180dbb9fa8794c84dc3ef9d3ef90c635c2741e4cfe67d9dbe2d0651aeb11472a089091ca1d25f21

  • SSDEEP

    3072:LIZn0wUdjzJwKWt+VrqRHgG5FOEYYKvYut1mQbISR3oJWVrqRHgG5FOEYYKvYutY:7ZrqRHuxYK91mQbISRiKrqRHuxYK9Y

Malware Config

Targets

    • Target

      413ac3800e818b4959ea5f3f8916385f_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Suspicious use of SetThreadContext
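The "UPX packed file" signature above gives the verdict but not the check behind it. The following Python is an added example, not code from the report or from the sandbox vendor, showing the three indicators an analyst would test on a suspect PE: UPX section names (UPX0/UPX1), the "UPX!" marker, and the layout left behind even by a modified UPX build that renames sections and strips the marker, namely an empty first section followed by a high-entropy compressed section. The PE images it runs on are constructed in the block (build_sample_pe) so it runs offline; this sample's bytes are not on the page.

```python
import math
import random
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
UPX_MARKER = b"UPX!"

# Constructed "compressed" payload: seeded pseudo-random bytes stand in for
# UPX output, which is close to 8 bits/byte of entropy.
_rng = random.Random(1)
PACKED_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Return [(name, raw_bytes)] from the PE section table; [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def upx_indicators(data: bytes) -> list:
    """Return the UPX indicators present, strongest evidence first."""
    sections = pe_sections(data)
    hits = []
    if any(name in UPX_SECTION_NAMES for name, _ in sections):
        hits.append("upx_section_names")
    if UPX_MARKER in data:
        hits.append("upx_marker")
    # Classic UPX layout survives renaming: first section has no raw data
    # (it is the unpack target), second section holds the compressed image.
    if (len(sections) >= 2 and len(sections[0][1]) == 0
            and shannon_entropy(sections[1][1]) > 7.0):
        hits.append("empty_first_section_high_entropy")
    return hits


def build_sample_pe(sections: list) -> bytes:
    """Build a minimal, non-executable PE-shaped blob for testing (constructed, hypothetical)."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + b"\0" * (opt_size - 2)  # PE32 magic, rest unused here
    raw_ptr = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    hdrs, body, va = b"", b"", 0x1000
    for name, data in sections:
        hdrs += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", max(len(data), 1), va, len(data),
            raw_ptr if data else 0, 0, 0, 0, 0, 0xE0000040)
        raw_ptr += len(data)
        body += data
        va += 0x1000
    return dos + b"PE\0\0" + coff + opt + hdrs + body


if __name__ == "__main__":
    stock = build_sample_pe([(b"UPX0", b""), (b"UPX1", b"UPX!" + PACKED_BLOB)])
    renamed = build_sample_pe([(b".code0", b""), (b".code1", PACKED_BLOB)])
    plain = build_sample_pe([(b".text", b"\x90" * 4096), (b".data", b"\0" * 512)])
    for label, blob in (("stock UPX", stock), ("modified UPX", renamed), ("unpacked", plain)):
        print(label, upx_indicators(blob))
```

The entropy heuristic is what keeps a modified UPX build visible once names and markers are gone; on real files pair it with the section's raw/virtual size ratio, since a legitimate resource-heavy section can also score above 7 bits per byte.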
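The "Suspicious use of SetThreadContext" signature names the API but not the pattern a detection engineer would look for around it. The Python below is an added example, not code from the report or the sandbox, and the API trace it parses is constructed for illustration rather than taken from this sample: it labels a SetThreadContext call as the process-hollowing sequence only when the target thread belongs to a process the caller created with CREATE_SUSPENDED and into which it already wrote with WriteProcessMemory, and otherwise reports the bare API use at the same weight as the sandbox signature. The trace line format (pid tid api(args) -> result) is an assumption of the example.

```python
import re

CREATE_SUSPENDED = 0x4

# Constructed API trace (not from this sample): "pid tid api(args) -> result".
# Process 1001 performs the classic hollowing sequence against a child it
# created suspended; process 3003 merely calls SetThreadContext on some thread.
SAMPLE_TRACE = """\
1001 1 CreateProcessW(lpApplicationName="svchost.exe", dwCreationFlags=0x4) -> hProcess=0x1a4 hThread=0x1a8 dwProcessId=2002
1001 1 NtUnmapViewOfSection(ProcessHandle=0x1a4, BaseAddress=0x400000) -> 0
1001 1 VirtualAllocEx(hProcess=0x1a4, lpAddress=0x400000, dwSize=0x12000, flProtect=0x40) -> 0x400000
1001 1 WriteProcessMemory(hProcess=0x1a4, lpBaseAddress=0x400000, nSize=0x12000) -> 1
1001 1 GetThreadContext(hThread=0x1a8) -> 1
1001 1 SetThreadContext(hThread=0x1a8) -> 1
1001 1 ResumeThread(hThread=0x1a8) -> 0
3003 5 GetThreadContext(hThread=0x2c) -> 1
3003 5 SetThreadContext(hThread=0x2c) -> 1
"""

LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\w+)\((.*)\)\s*->\s*(.*)$")
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s,]+)')


def parse_trace(text: str) -> list:
    """Parse trace lines into dicts with pid, tid, api, args and ret."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not API calls
        pid, tid, api, args, ret = m.groups()
        events.append({
            "pid": int(pid),
            "tid": int(tid),
            "api": api,
            "args": {k: v.strip('"') for k, v in KV_RE.findall(args)},
            # Results are either "name=value ..." pairs or a bare value
            "ret": dict(KV_RE.findall(ret)) if "=" in ret else {"value": ret.strip()},
        })
    return events


def find_suspicious_setthreadcontext(events: list) -> list:
    """Return (pid, hThread, label) for every SetThreadContext call seen.

    Labels, strongest first:
      hollowing_pattern              - suspended child + WriteProcessMemory + SetThreadContext
      suspended_child_context_rewrite - suspended child, no remote write observed
      setthreadcontext               - the bare API use the sandbox signature fires on
    """
    suspended = {}   # (pid, hThread) -> hProcess of a child created suspended
    written = set()  # (pid, hProcess) that received WriteProcessMemory
    findings = []
    for ev in events:
        pid, api, args, ret = ev["pid"], ev["api"], ev["args"], ev["ret"]
        if api.startswith("CreateProcess"):
            flags = int(args.get("dwCreationFlags", "0"), 16)
            if flags & CREATE_SUSPENDED and "hThread" in ret:
                suspended[(pid, ret["hThread"])] = ret["hProcess"]
        elif api == "WriteProcessMemory":
            written.add((pid, args["hProcess"]))
        elif api == "SetThreadContext":
            h = args["hThread"]
            if (pid, h) in suspended and (pid, suspended[(pid, h)]) in written:
                label = "hollowing_pattern"
            elif (pid, h) in suspended:
                label = "suspended_child_context_rewrite"
            else:
                label = "setthreadcontext"
            findings.append((pid, h, label))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_setthreadcontext(parse_trace(SAMPLE_TRACE)):
        print(finding)
```

The generic label is deliberately kept rather than dropped: debuggers and some legitimate loaders also call SetThreadContext, so the bare call is a lead to triage, while the full sequence on a suspended child is what turns it into a confident hollowing verdict.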

MITRE ATT&CK Enterprise v15

Tasks