General

  • Target

    504c73c86c4b41f578d13acffec9621e_JaffaCakes118

  • Size

    124KB

  • Sample

    240716-2baqzsshkp

  • MD5

    504c73c86c4b41f578d13acffec9621e

  • SHA1

    a07a250bb175b35736dd6c5d70436e5c61f5ca2b

  • SHA256

    f46c880e324a99523f7027edc0fc7325da89edf51365a00ce65dcafac6b143c4

  • SHA512

    7578308d6302cdf75c63d211e8b36c01f1f2dde2d6a9a766f50d01d0485d7c4e2a55aacdc3fca1926ab2371b5c455a8aae281ca7343dca7527c4bd4d2a78c138

  • SSDEEP

    3072:lxOBdPD8zm8UtwUT0gdk7iIioI24WosngTy:fOBN8K8BS0gdkuRo9ou

Malware Config

Extracted

Family

xtremerat

C2

moon2009us.linkpc.net

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks