General

  • Target

    5f8d26f0396705c60b28f0bcc7d0fb5f_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240720-h72psssbqq

  • MD5

    5f8d26f0396705c60b28f0bcc7d0fb5f

  • SHA1

    7b7c6f70b8bf3f9892add1511cdc8d20ed20dc8f

  • SHA256

    5382c50d3123845d623994107fbac2a4830f7d78130940155324ca1b1222d940

  • SHA512

    a5b1940fc97e4017ed796ad3df869782c4956f613beb493773a443492c8e496997352a440e836c1900d936a4c21bc58b216826921e1ee57c20a0f197694945d5

  • SSDEEP

    24576:Xa/ndP+SOUFJgfnkEgSvW0gx00WdxoSAXEfF:Q8SO1fkEd22F

Malware Config

Extracted

Family

xtremerat

C2

daimoom3.zapto.org

Targets

    • Target

      5f8d26f0396705c60b28f0bcc7d0fb5f_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks