General

  • Target

    6098b3a5e5275b8b51320122b30b84fc_JaffaCakes118

  • Size

    148KB

  • Sample

    240721-pv9cfatblr

  • MD5

    6098b3a5e5275b8b51320122b30b84fc

  • SHA1

    9fa0cac054f99f55f45a5e54d3eb46ea389fa760

  • SHA256

    47073f3dbc7fbecf98f4fbc3146c3692152fc3ef8496bfa9ae3ad8477cb0efb0

  • SHA512

    6595eb77dda60da1b1b67694644929bbf663489c99b6666d76f40286b7cb428ff4b733ef8ce83d4dee661b9dfaedfb3c5b10c5257b0baad6d22e1cec86e13875

  • SSDEEP

    3072:mAJrbQVPJCd6ZlGQXfE2YIzAm8CU5FTTlF/n:JMVRCeEZI78Jp

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks