General

  • Target

    609e45081a2d879da829bc70d315a3ae_JaffaCakes118

  • Size

    395KB

  • Sample

    240721-p6pgea1gmb

  • MD5

    609e45081a2d879da829bc70d315a3ae

  • SHA1

    a3e18de1588b219bb0b56c4a0cab7930cc6266ea

  • SHA256

    f34c9a6f5dc5356a2763d61b0bb4f7133f9eba0b2ca1ee42f0575ba8d1b21381

  • SHA512

    b1ca7769e6f7fffacd09586d5b2b0694cca6017c0f5fdf1c1666902fd2c83217c6b505cfb50b2f520159c9ee12de7f9d2c5b08ac43d29c8551760f29355d4f21

  • SSDEEP

    12288:UdoS493ACIl7vI1kiqHNnyVek/a4AmHNX467pMYI/:EoIjIbgyLC4t54671I/

Malware Config

Extracted

Family

xtremerat

C2

mmsalti.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks