General

  • Target

    531213d0b94c26e4d267d1c86a967893_JaffaCakes118

  • Size

    127KB

  • Sample

    240717-p51haavcjb

  • MD5

    531213d0b94c26e4d267d1c86a967893

  • SHA1

    a9c62f63c638acf43a7f46c65b9601fd8b34e2ff

  • SHA256

    c74ca6a9d3ce1bf3d2420b444334fef3a786a842f58b8acca83a4bd5580d937a

  • SHA512

    d44f4565dc80971996f015c8219691825b1e588b28490717d9aa0f64c484117dbd76190c1234ba9eefb345c595601814e6cc68eb36bb627ccc6b4635d43b14a4

  • SSDEEP

    3072:PD5YAoxP4ceZHIwMCIyB0g/Z/noutNsngh:Plq69IxDyBr/noSN

Malware Config

Extracted

Family

xtremerat

C2

moon2009us.linkpc.net

Targets

    • Target

      531213d0b94c26e4d267d1c86a967893_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks