General

  • Target

    5334611154ece0394f574829071d4d49_JaffaCakes118

  • Size

    665KB

  • Sample

    240717-qtmmqawcqd

  • MD5

    5334611154ece0394f574829071d4d49

  • SHA1

    f33a196d71f3e4ececdc72d625d85a9c2fb5e280

  • SHA256

    817388667aa622ad7cd226517a16db26dd4c4502c2802eb186fc98cfa3a464be

  • SHA512

    017167fd408de6d881871b6e46cd39b6ac276efc5f6f086e4d68b9656e7d75d29271e8a6017f3b91ab0f0d195d831ff064dcb8b778983503b102724d00abea8a

  • SSDEEP

    12288:sd6bQ3UXbEuUINrMiLhgQzqZER5ejS1lPqRg3XfdvsPQrqLYww73g70YqM:scbLNGxjHR+XdSYP73g1

Malware Config

Extracted

Family

xtremerat

C2

bl00dmaster.no-ip.org

Targets

    • Target

      5334611154ece0394f574829071d4d49_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Flags calls to NtSetInformationThread with the ThreadHideFromDebugger information class, which stops an attached debugger from receiving events for that thread; a common anti-analysis trick.

    • Suspicious use of SetThreadContext

      Flags SetThreadContext being used to rewrite another thread's register state; this is how process hollowing and thread hijacking redirect execution into injected code.
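As an added example (not part of the sandbox report and not code from the XtremeRAT author), the following Python script does three things a responder would do with this report: confirm that a file on disk is the listed sample by recomputing all four hashes, check the PE section table for the UPX0/UPX1 section names that stock UPX leaves behind, and scan DNS resolver logs for the extracted C2 hostname. The PE header and the log lines are constructed inline for the self-test; the BIND-style query log format is an assumption, and a modified UPX that renames its sections will not trip the section-name heuristic.

```python
import hashlib
import re
import struct

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "5334611154ece0394f574829071d4d49",
    "sha1": "f33a196d71f3e4ececdc72d625d85a9c2fb5e280",
    "sha256": "817388667aa622ad7cd226517a16db26dd4c4502c2802eb186fc98cfa3a464be",
    "sha512": "017167fd408de6d881871b6e46cd39b6ac276efc5f6f086e4d68b9656e7d75d2"
              "9271e8a6017f3b91ab0f0d195d831ff064dcb8b778983503b102724d00abea8a",
}
C2_HOST = "bl00dmaster.no-ip.org"


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for comparison."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every listed digest agrees with the file contents."""
    return hash_file_bytes(data) == REPORT_HASHES


def pe_section_names(data: bytes) -> list:
    """Read section names straight from the PE headers (no third-party parser)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER follows the signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + size_opt             # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[first + i * 40:first + i * 40 + 8]
        if len(raw) < 8:
            break
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (sometimes UPX2)."""
    return any(n.startswith("UPX") for n in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE header for the self-test; not a runnable executable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 here), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


# Assumed BIND-style resolver log format: "client IP#port: query: NAME IN A +"
DNS_LOG_RE = re.compile(r"query:\s+(?P<qname>[\w.-]+)")

# Constructed log lines for the self-test (two hits, one benign).
SAMPLE_DNS_LOG = [
    "client 10.0.0.5#51234: query: bl00dmaster.no-ip.org IN A +",
    "client 10.0.0.7#40021: query: update.microsoft.com IN A +",
    "client 10.0.0.5#51240: query: BL00DMASTER.NO-IP.ORG. IN A +",
]


def c2_hits(log_lines, c2_host=C2_HOST) -> list:
    """Return log lines whose queried name is the C2 host (case and trailing dot ignored)."""
    hits = []
    for line in log_lines:
        m = DNS_LOG_RE.search(line)
        if m and m.group("qname").lower().rstrip(".") == c2_host:
            hits.append(line)
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
        print("hashes match report:", matches_report(blob))
        print("sections:", pe_section_names(blob), "UPX:", looks_upx_packed(blob))
    for hit in c2_hits(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
```

Because the C2 is a dynamic-DNS name, the resolved address can change between runs; match on the hostname in resolver or proxy logs rather than on whichever IP the sandbox saw.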
