General

  • Target

    5fd561bc5be78b2078d72a1063b49a55_JaffaCakes118

  • Size

    173KB

  • Sample

    240720-kw8ebavenq

  • MD5

    5fd561bc5be78b2078d72a1063b49a55

  • SHA1

    b052c4dfdd7467300d99d3671ebe04e2574e5839

  • SHA256

    6466a2b1d7700192b2d9107ea5e62d7adb3d8ada9454d58567c3742fcb7a87a4

  • SHA512

    c2ee84610c956c7dc9c1987233c15e74069c0aafcff9cb425029886b542208b06a39071e0e6da31743006e549219ff6938d261aa57ca0fd714a0df95de1598a0

  • SSDEEP

    3072:iqMyKdcweXHW5I7p12Im9DVQuRujtH7p12Im9DVQuRujtR:ABf2HW5Ep12ImOtbp12ImOtR
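The SSDEEP value above is a fuzzy hash, not a cryptographic one: `3072` is the block size, and the two colon-separated strings are the signatures computed at that block size and at twice it. Two samples can be compared only when their block sizes are equal or one doubling apart, and the score (0..100) comes from a weighted edit distance over the signatures, gated on a shared seven-character substring. The Python below is an added example, not part of the report: it parses an ssdeep string and reimplements the comparison procedure from the ssdeep tool so a sample on disk can be checked against the report's value offline. The second hash it is compared with in the usage block is constructed for illustration; treat the real `ssdeep` binary or library as the authority for scores on live data.

```python
import re

SPAMSUM_LENGTH = 64     # longest signature ssdeep emits
ROLLING_WINDOW = 7      # minimum shared substring before two signatures are scored
MIN_BLOCKSIZE = 3       # smallest block size ssdeep ever uses

# Fuzzy hash of the sample as given in the report above.
REPORT_SSDEEP = ("3072:iqMyKdcweXHW5I7p12Im9DVQuRujtH7p12Im9DVQuRujtR:"
                 "ABf2HW5Ep12ImOtbp12ImOtR")

_SSDEEP_RE = re.compile(r"^(\d+):([0-9A-Za-z+/]*):([0-9A-Za-z+/]*)$")


def parse_ssdeep(value):
    """Split 'blocksize:sig1:sig2[,"filename"]' into (blocksize, sig1, sig2).

    ssdeep's own output appends ',"filename"'; that suffix is discarded here.
    Anything that is not a well-formed fuzzy hash raises ValueError.
    """
    value = value.strip().split(",", 1)[0]
    m = _SSDEEP_RE.match(value)
    if not m:
        raise ValueError("not an ssdeep hash: %r" % value)
    blocksize = int(m.group(1))
    if blocksize < MIN_BLOCKSIZE:
        raise ValueError("block size below minimum: %d" % blocksize)
    return blocksize, m.group(2), m.group(3)


def _eliminate_sequences(sig):
    """Collapse runs of more than three identical characters to three, as ssdeep does."""
    out = []
    for ch in sig:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def _has_common_substring(a, b, length=ROLLING_WINDOW):
    """True when a and b share at least one substring of `length` characters."""
    if len(a) < length or len(b) < length:
        return False
    windows = {a[i:i + length] for i in range(len(a) - length + 1)}
    return any(b[i:i + length] in windows for i in range(len(b) - length + 1))


def _edit_distance(a, b):
    """Levenshtein distance with insert/delete cost 1 and substitution cost 2."""
    prev = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i]
        for j in range(1, len(b) + 1):
            sub = prev[j - 1] + (0 if a[i - 1] == b[j - 1] else 2)
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, sub))
        prev = cur
    return prev[-1]


def _score_strings(a, b, blocksize):
    """Similarity of two signatures at one block size, 0..100."""
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b)
    # Scale the distance to the combined length, then invert into a similarity.
    score = (score * SPAMSUM_LENGTH) // (len(a) + len(b))
    score = (100 * score) // SPAMSUM_LENGTH
    score = 100 - score
    # Very small block sizes cannot support high confidence; cap the score.
    cap = (blocksize // MIN_BLOCKSIZE) * min(len(a), len(b))
    return min(score, cap)


def compare_ssdeep(h1, h2):
    """Return the ssdeep similarity (0..100) of two fuzzy hashes.

    Hashes whose block sizes are neither equal nor exactly one doubling apart
    are incomparable and score 0 regardless of content.
    """
    bs1, a1, a2 = parse_ssdeep(h1)
    bs2, b1, b2 = parse_ssdeep(h2)
    if bs1 != bs2 and bs1 != bs2 * 2 and bs2 != bs1 * 2:
        return 0
    a1, a2 = _eliminate_sequences(a1), _eliminate_sequences(a2)
    b1, b2 = _eliminate_sequences(b1), _eliminate_sequences(b2)
    if bs1 == bs2 and a1 == b1 and a2 == b2:
        return 100
    if bs1 == bs2:
        # Same block size: score both signature pairs, keep the better one.
        return max(_score_strings(a1, b1, bs1), _score_strings(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        # h1's first signature was computed at the block size of h2's second.
        return _score_strings(a1, b2, bs1)
    return _score_strings(a2, b1, bs2)


if __name__ == "__main__":
    # Constructed near-variant: last character of each signature changed.
    variant = REPORT_SSDEEP[:-1] + "Q"
    variant = variant.replace("uRujtR:", "uRujtQ:")
    print("self      :", compare_ssdeep(REPORT_SSDEEP, REPORT_SSDEEP))
    print("variant   :", compare_ssdeep(REPORT_SSDEEP, variant))
    print("unrelated :", compare_ssdeep(REPORT_SSDEEP, "3072:abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOP"))
```

A score of 0 means either no shared seven-character window or an incomparable block size, so a 0 against a suspected repack is not evidence of a different family; rerun with `ssdeep -d` across the whole sample set rather than trusting a single pairwise comparison.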

Malware Config

Extracted

Family

xtremerat

C2

baimian.3322.org
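The extracted C2 is a hostname under 3322.org, a Chinese dynamic DNS service, so the operator can repoint it at will and the name, not a resolved IP, is the durable indicator. Hunting for it in DNS telemetry needs a label-anchored match: a plain substring test on `baimian.3322.org` also fires on `notbaimian.3322.org` and on `baimian.3322.org.cdn.example.net`, and misses `BAIMIAN.3322.ORG.` with a trailing dot. The Python below is an added example, not from the report: it runs that check over constructed Zeek-style `dns.log` lines (tab-separated timestamp, client, query; not real traffic) and flags exact or subdomain hits as high confidence, other queries under the dynamic DNS zone as low.

```python
from collections import namedtuple

# C2 hostname extracted from the sample's configuration (from the report above).
C2_DOMAIN = "baimian.3322.org"

# Dynamic DNS zone the C2 lives under; any query here is worth a second look.
DYNDNS_ZONES = ("3322.org",)

# Constructed example log (Zeek dns.log-like: ts, client, query). Illustrative
# input only, not taken from the report or from a real network.
SAMPLE_DNS_LOG = """\
1721462401.100\t10.0.4.21\tupdate.microsoft.com
1721462403.207\t10.0.4.57\tbaimian.3322.org
1721462405.311\t10.0.4.57\tBAIMIAN.3322.ORG.
1721462407.455\t10.0.4.90\tnotbaimian.3322.org
1721462409.510\t10.0.4.12\tbaimian.3322.org.cdn.example.net
1721462411.600\t10.0.4.33\tfiles.3322.org
"""

Hit = namedtuple("Hit", "ts client query confidence")


def normalize_fqdn(name):
    """Lower-case and drop the trailing dot so 'FOO.Example.' equals 'foo.example'."""
    return name.strip().lower().rstrip(".")


def matches_domain(query, domain):
    """True if query is `domain` itself or a label-anchored subdomain of it."""
    q, d = normalize_fqdn(query), normalize_fqdn(domain)
    return q == d or q.endswith("." + d)


def hunt_dns_log(log_text, c2_domain=C2_DOMAIN, dyndns_zones=DYNDNS_ZONES):
    """Return one Hit per log line that queried the C2 or its dynamic DNS zone."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, client, query = line.split("\t", 2)
        if matches_domain(query, c2_domain):
            hits.append(Hit(ts, client, normalize_fqdn(query), "high"))
        elif any(matches_domain(query, z) for z in dyndns_zones):
            hits.append(Hit(ts, client, normalize_fqdn(query), "low"))
    return hits


def infected_clients(hits):
    """Clients with at least one high-confidence hit, for follow-up triage."""
    return sorted({h.client for h in hits if h.confidence == "high"})


if __name__ == "__main__":
    for hit in hunt_dns_log(SAMPLE_DNS_LOG):
        print(hit.confidence.upper(), hit.ts, hit.client, hit.query)
    print("hosts to triage:", infected_clients(hunt_dns_log(SAMPLE_DNS_LOG)))
```

Low-confidence hits on the bare zone are there to widen the search after the first confirmed host, since a rebuilt sample from the same operator is likely to use a sibling name under the same dynamic DNS provider.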

Targets

    • Target

      5fd561bc5be78b2078d72a1063b49a55_JaffaCakes118

    • Size

      173KB

    • MD5

      5fd561bc5be78b2078d72a1063b49a55

    • SHA1

      b052c4dfdd7467300d99d3671ebe04e2574e5839

    • SHA256

      6466a2b1d7700192b2d9107ea5e62d7adb3d8ada9454d58567c3742fcb7a87a4

    • SHA512

      c2ee84610c956c7dc9c1987233c15e74069c0aafcff9cb425029886b542208b06a39071e0e6da31743006e549219ff6938d261aa57ca0fd714a0df95de1598a0

    • SSDEEP

      3072:iqMyKdcweXHW5I7p12Im9DVQuRujtH7p12Im9DVQuRujtR:ABf2HW5Ep12ImOtbp12ImOtR

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

MITRE ATT&CK Enterprise v15

Tasks