General

  • Target: 60ab9462c29fdf1a9a6567af33eeedf1_JaffaCakes118

  • Size: 1008KB

  • Sample: 240721-qtzbhssdqc

  • MD5: 60ab9462c29fdf1a9a6567af33eeedf1

  • SHA1: b594cb8a4e908113f431025d8d41d92711777e20

  • SHA256: 6273eac22f07ddf6ba10e2a8cb14850abd082f085c1ff003922d632dcb4b0c93

  • SHA512: 2a3549b5d118e4c050d16f0fdb123a34b87b4a0804b9f0f18b2f5703a60eb50ada03cb30e0c71dda9a0bf25f6de5d76879db65727faeee509d568416d3776610

  • SSDEEP: 6144:49yXytgk9yXytgrDvLrDvLyKimnKmn4n+nO9yXytgk9yXytgrDvLrDvLyKimnKmR:2JgvLPvLSvB+EJgvLPvLSvB+DeUjvLC

Malware Config

Extracted

Family: xtremerat

C2:

  • kinh0.no-ip.org

  • kinh1.no-ip.info

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks