General

  • Target

    50fdb6f324fd4ab006d8a6955f031873_JaffaCakes118

  • Size

    73KB

  • Sample

    240717-caqnda1ajp

  • MD5

    50fdb6f324fd4ab006d8a6955f031873

  • SHA1

    789e595ef3309dd097b1088573372b1bf93d7420

  • SHA256

    3dbe997dbe64743e6410fa3365940ba261710e7130806e9793603780b8d383f7

  • SHA512

    acd5c5a52d054a500ba5812a74865cfe6324b3f508c8c3ac8701d9410472f1ea2dd14dad1d3e5709bf9e1e1c289443f2cb52798341f6270cf5a05cf4bfa6e2c2

  • SSDEEP

    1536:HGFJkVFLP7BZ4OImlKJjQjweI8uY37BZohu2QfTHSyxS:msrP34OIq3q145hxS

Malware Config

Targets

    • Target

      50fdb6f324fd4ab006d8a6955f031873_JaffaCakes118

    • Size

      73KB

    • MD5

      50fdb6f324fd4ab006d8a6955f031873

    • SHA1

      789e595ef3309dd097b1088573372b1bf93d7420

    • SHA256

      3dbe997dbe64743e6410fa3365940ba261710e7130806e9793603780b8d383f7

    • SHA512

      acd5c5a52d054a500ba5812a74865cfe6324b3f508c8c3ac8701d9410472f1ea2dd14dad1d3e5709bf9e1e1c289443f2cb52798341f6270cf5a05cf4bfa6e2c2

    • SSDEEP

      1536:HGFJkVFLP7BZ4OImlKJjQjweI8uY37BZohu2QfTHSyxS:msrP34OIq3q145hxS

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks