General

  • Target

    5a0b097f17aa4e0c0328c28c504c2e0f_JaffaCakes118

  • Size

    175KB

  • Sample

    240719-ckq2wsxgqj

  • MD5

    5a0b097f17aa4e0c0328c28c504c2e0f

  • SHA1

    5a443bbbf78ca80e781cdb0ee85bbb14f394881b

  • SHA256

    c70b11772cad5d43482ce1cdb5309d0e9b7ce9ffb6a34be4d9ba3d9a0952c2ac

  • SHA512

    775a3acb5c473439ae94568f10aa04ca9ae44cc3d6225a9105067884f0a5f5c5e7207eb303fb9a6d2ff49395226db40a82cbe1c61527284cac9f2c263323c72b

  • SSDEEP

    1536:G7YH8A8VNm8GG88gm6g7UJW1vGA4VCKTIe1dgHOwU:R2VNmbG886g7MW1vYrIEd4PU

Malware Config

Extracted

Family

xtremerat

C2

raoufskull.no-ip.org
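The extracted C2 is a host under a dynamic-DNS provider, so the useful indicator is the hostname, not whatever IP it resolved to during the run, and the parent domain no-ip.org must not be blocked wholesale. The following is an added example, not part of the sandbox report, showing how a practitioner would sweep DNS query logs for this indicator and triage a file against the report's hashes. The dnsmasq-style log lines are constructed for the example; the hash values and the C2 hostname are the ones from the report above.

```python
import hashlib
import re

# Indicators copied from the report above.
C2_HOST = "raoufskull.no-ip.org"
SAMPLE_MD5 = "5a0b097f17aa4e0c0328c28c504c2e0f"
SAMPLE_SHA256 = "c70b11772cad5d43482ce1cdb5309d0e9b7ce9ffb6a34be4d9ba3d9a0952c2ac"


def normalize_host(hostname: str) -> str:
    """Lower-case the name and drop a trailing root dot so log variants compare equal."""
    return hostname.strip().lower().rstrip(".")


def host_matches_c2(hostname: str, c2_host: str = C2_HOST) -> bool:
    """True if hostname is the C2 host or a subdomain of it.

    Matching on label boundaries avoids two false positives that a naive
    substring test produces: the shared dynamic-DNS parent (no-ip.org) and
    unrelated names that merely end with the same characters.
    """
    h = normalize_host(hostname)
    c = normalize_host(c2_host)
    return h == c or h.endswith("." + c)


# Constructed sample log (not from the report), in dnsmasq's query-log format.
SAMPLE_DNS_LOG = """\
Jul 19 10:02:11 dnsmasq[1201]: query[A] raoufskull.no-ip.org from 10.0.0.23
Jul 19 10:02:11 dnsmasq[1201]: reply raoufskull.no-ip.org is 203.0.113.7
Jul 19 10:02:15 dnsmasq[1201]: query[A] update.no-ip.org from 10.0.0.40
Jul 19 10:05:40 dnsmasq[1201]: query[A] RAOUFSKULL.NO-IP.ORG. from 10.0.0.23
Jul 19 10:06:02 dnsmasq[1201]: query[A] www.example.com from 10.0.0.9
"""

# Only query lines carry the client address; reply lines are ignored.
DNS_QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<src>\S+)")


def find_c2_queries(log_text: str) -> list:
    """Return (client, normalized hostname) for every query that hits the C2 indicator."""
    hits = []
    for line in log_text.splitlines():
        m = DNS_QUERY_RE.search(line)
        if m and host_matches_c2(m.group("name")):
            hits.append((m.group("src"), normalize_host(m.group("name"))))
    return hits


def sources_contacting_c2(log_text: str) -> set:
    """Distinct client addresses that resolved the C2 host; these are the hosts to triage."""
    return {src for src, _ in find_c2_queries(log_text)}


def matches_sample_hashes(data: bytes) -> dict:
    """Compare a file's contents against the report's MD5 and SHA256.

    Both digests are returned alongside the verdicts so a partial match
    (which would indicate a tampered indicator list) is visible.
    """
    md5 = hashlib.md5(data).hexdigest()
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "md5": md5,
        "sha256": sha256,
        "md5_match": md5 == SAMPLE_MD5,
        "sha256_match": sha256 == SAMPLE_SHA256,
    }


if __name__ == "__main__":
    for src, name in find_c2_queries(SAMPLE_DNS_LOG):
        print(f"C2 lookup: {src} -> {name}")
    print("hosts to triage:", sorted(sources_contacting_c2(SAMPLE_DNS_LOG)))
    print(matches_sample_hashes(b"constructed placeholder bytes"))
```

The case-insensitive, trailing-dot-tolerant comparison matters because resolver logs record the name as the client sent it, and the second query from 10.0.0.23 would be missed by an exact string match.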

Targets

    • Target

      5a0b097f17aa4e0c0328c28c504c2e0f_JaffaCakes118

    • Size

      175KB

    • MD5

      5a0b097f17aa4e0c0328c28c504c2e0f

    • SHA1

      5a443bbbf78ca80e781cdb0ee85bbb14f394881b

    • SHA256

      c70b11772cad5d43482ce1cdb5309d0e9b7ce9ffb6a34be4d9ba3d9a0952c2ac

    • SHA512

      775a3acb5c473439ae94568f10aa04ca9ae44cc3d6225a9105067884f0a5f5c5e7207eb303fb9a6d2ff49395226db40a82cbe1c61527284cac9f2c263323c72b

    • SSDEEP

      1536:G7YH8A8VNm8GG88gm6g7UJW1vGA4VCKTIe1dgHOwU:R2VNmbG886g7MW1vYrIEd4PU

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly called to redirect a suspended thread into code written into another process (process hollowing and similar injection). On its own this signature is a heuristic for injection, not proof of it, and should be read together with the payload detection above.

MITRE ATT&CK Enterprise v15

Tasks