General

  • Target

    594aceb1003d4688c9daf9f0d5d76525_JaffaCakes118

  • Size

    173KB

  • Sample

    240718-16dwfsscpa

  • MD5

    594aceb1003d4688c9daf9f0d5d76525

  • SHA1

    c76f76779127cb42cc7efbf74fbee5bd95111b66

  • SHA256

    4e1aecb981aff7290be96615cbde8107ef8a1fcfa11e40537b408958104c0bff

  • SHA512

    2bf9134837ddef682fe478bd68fac5db15c0215b083db9714584e01bf81cf038548044efa958a4b4c1b7d11fd1130a85134de33820c28c94df7ea2aa540acc3d

  • SSDEEP

    1536:Cu/eok4zFfmAs4HsNKuUXUtHd0XmyPE04b1sKiLRFbxSCu/DKOZtY4DU9bZRju0Z:Leok4RfTq8OKbvLx7CK0YUU9VzZ

Malware Config

Extracted

Family

xtremerat

C2

freshness.dyndns-ip.com

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks