General

  • Target

    5829f16a3bd768afa9610eac27198c2d_JaffaCakes118

  • Size

    112KB

  • Sample

    240718-twy1bazdlb

  • MD5

    5829f16a3bd768afa9610eac27198c2d

  • SHA1

    ca02e316063ee7119c04eb37d75fe774095e2aa8

  • SHA256

    de2db84aa8fbb9150a755d58b2de6329d7b743e74ad5b0fab94aa34bf28cefa9

  • SHA512

    1e7be5d822ac3a39dd4b0badeaf37a9f32858852813e1043f90e7fd89e9995931333f66715ebd7ee1cad43fdba7210f61c96ee640c411057aff88fdd0aa7e917

  • SSDEEP

    3072:nxvBCxVNNKNxCG4TTDVdA3xW+TeEQJSh0wn2pI:nxYRGChfDV0A+TeEXn

Malware Config

Extracted

Family

xtremerat

C2

redxxx.sytes.net

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks