General

  • Target

    588d9d798deeafd908e2b8c83987fe23_JaffaCakes118

  • Size

    111KB

  • Sample

    240718-w2fr2atflb

  • MD5

    588d9d798deeafd908e2b8c83987fe23

  • SHA1

    ad3ea5016fa67a8ed9c589f883cb24092bf32c11

  • SHA256

    1ee6d0d25bb81143cd4117a010d31adf19d0bfb17fe3e499f3d4584fba95684c

  • SHA512

    7939e3f9106819b6cc39fd67d7970e2cca0e560b8594702309bcad8085ab514e99a486e1d9b5000a07f70d62e7fb5c455d4a1c54ccc75b1b681310fe9956a4df

  • SSDEEP

    3072:zxoXeklkYD1AzHLHrFv2q2/WEkSxvC2HZI:loXRkCAzrHr12wVSM

Malware Config

Extracted

Family

xtremerat

C2

daimoom3.zapto.org

Targets

    • Target

      588d9d798deeafd908e2b8c83987fe23_JaffaCakes118

    • Size

      111KB

    • MD5

      588d9d798deeafd908e2b8c83987fe23

    • SHA1

      ad3ea5016fa67a8ed9c589f883cb24092bf32c11

    • SHA256

      1ee6d0d25bb81143cd4117a010d31adf19d0bfb17fe3e499f3d4584fba95684c

    • SHA512

      7939e3f9106819b6cc39fd67d7970e2cca0e560b8594702309bcad8085ab514e99a486e1d9b5000a07f70d62e7fb5c455d4a1c54ccc75b1b681310fe9956a4df

    • SSDEEP

      3072:zxoXeklkYD1AzHLHrFv2q2/WEkSxvC2HZI:loXRkCAzrHr12wVSM

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15