General

  • Target

    61a7414eeada6d0ab43b6c749c389b65_JaffaCakes118

  • Size

    111KB

  • Sample

    240721-2cwpvaxgla

  • MD5

    61a7414eeada6d0ab43b6c749c389b65

  • SHA1

    25560bb8e94f7f3e84ce5eb87da8cfec3c51b901

  • SHA256

    dcabef9033ae676e18f78383dd73ee085986d65f356abd90007702301f39f90a

  • SHA512

    179f132dba1b5471fc64552c4d36956f95d375b0c26574932db1ef62fcd0447e2a011b6b6f9a4bbdeae830313956165a8e6b3d8e7f28f00c57cc6a475a87d6bc

  • SSDEEP

    1536:5du8hk1t5CS0s4CGMiT7spPDXAnQekuaC0o22iTb3FpKWhi4qzf+rVEOW9:Vq1fdqNcxUn7kuaC0WiTK1zuV7A

Malware Config

Extracted

Family

xtremerat

C2

shakur2.dyndns.biz

Targets

    • Target

      61a7414eeada6d0ab43b6c749c389b65_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks