General

  • Target

    59789099526a83177922e7375f8b3265_JaffaCakes118

  • Size

    55KB

  • Sample

    240718-25jkzs1fkm

  • MD5

    59789099526a83177922e7375f8b3265

  • SHA1

    a0bfc1cb2c81e4fdb92ee26bf2ce8ca765f431eb

  • SHA256

    88c2a0ad63b898e81109bc0eae0b9c419b572377587d3e2b870f62fd97181fc9

  • SHA512

    dbd6a64466d57edb266490167ba82931d4b5c0b04f9fc83c9d50a0d1e263373126de954a8bff74d0e806691cc99b804fc931a410b2756db3eb2bae9b727e6e2d

  • SSDEEP

    768:USRcEMPG+0Ux/vM/kr01X/bhM8G0g1++Q/dmTw8mZgG8GkMbxJtluybzRKZ:/XS0Uxvckr05b2/0inkcggDGPZVKZ

Malware Config

Extracted

Family

xtremerat

C2

3m3m3m3m.no-ip.info

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks