General

  • Target

    58842e46169d203b2767fe250ce19096_JaffaCakes118

  • Size

    101KB

  • Sample

    240718-wtnsnszgmp

  • MD5

    58842e46169d203b2767fe250ce19096

  • SHA1

    e2eef12504b892a7e19707c3d56ba161e0eea5dd

  • SHA256

    3b6a3c7bf096024788126d7b614de9c63d35770b9b9259448bacd17f0afe7978

  • SHA512

    5ea65e16b8b69d9792d98c5a3d1ac293b5de1b0379d1a22db2b90981ca6ae5dbd93d6ff1877639c1a641bf2bf5cdf7c0b5b2d905479fe972c9ef1eea6bd7db49

  • SSDEEP

    1536:h7G6BX7Jt+CxukQqkc0361QBI2kWT2jYOUk5KdWpYJyTghZvj:h7Gad8CxukQqt0361Qy28CbUeyQ

Malware Config

Extracted

Family

xtremerat

C2

black100.no-ip.biz

cantstop.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks