General

  • Target: 5a30802dd3eb72136c26162acf898260_JaffaCakes118
  • Size: 508KB
  • Sample: 240719-deebkssfpc
  • MD5: 5a30802dd3eb72136c26162acf898260
  • SHA1: 07493a952d2bc2f746af92027e5f360db53b2efb
  • SHA256: 899252cbedae448aae9211f74f19f78ba6737e3d55ab606308ed81f8fe58cd03
  • SHA512: ebecc4af58db4a5e4e5f95fdc8b040b1bbc63692931649f3422361a998458a953412e46bd6ae20bd7de093188ba23ab4123e099587488519ed0882d0dc304829
  • SSDEEP: 6144:gF1AFJKPQOPOY36TpfgSfLJM4R/Ai3lVZD04o:+jIOGd5NAwlfBo

Malware Config

Extracted

  • Family: xtremerat
  • C2: shakur2.dyndns.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks