General

  • Target

    60ace43e0e465643592501a6a5484c85_JaffaCakes118

  • Size

    94KB

  • Sample

    240721-qwjc3svblq

  • MD5

    60ace43e0e465643592501a6a5484c85

  • SHA1

    a4be2574cae7ced42eeb4ac824808c41ab721a1d

  • SHA256

    62fa8a7451660cb42ff1774788737ae0e2364e0c0f0eef2c63e7a2cf55d3dcb0

  • SHA512

    87e8da5444608924e3de3f41ffe846791f9982ef077608a3c59764812b4f98d808bac88070bf93ec97f00eef1ec3e823366b4bab093db71f846e976b8160c1d1

  • SSDEEP

    1536:ELLUmBiJz0QWIeNnA/Er+Ptn1UrSSphXIHl2ddC/Wcaxg1N:0c0UeNA86FqrSSrXIlMA1/1N

Malware Config

Extracted

Family

xtremerat

C2

jooh2010.no-ip.biz
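The hashes and the extracted C2 host above are the indicators a responder would actually hunt with. The script below is an added example (not part of the report or of the sandbox's own tooling) that turns them into a small matcher and runs it over constructed DNS and file-event log lines in a hypothetical `key=value` format. The list of dynamic-DNS zones is an assumption of mine; a hit on a dynamic-DNS zone other than the exact C2 host is a lead to triage, not a verdict, because those services have plenty of legitimate users.

```python
"""Match the report's IOCs (sample hashes, XtremeRAT C2 host) against log lines.

Added example. The log lines are constructed; the 'ts kind key=value ...' layout is
hypothetical and stands in for whatever DNS/EDR export a SOC actually has.
"""

# Indicators copied from the report above
IOC_HASHES = {
    "md5": "60ace43e0e465643592501a6a5484c85",
    "sha1": "a4be2574cae7ced42eeb4ac824808c41ab721a1d",
    "sha256": "62fa8a7451660cb42ff1774788737ae0e2364e0c0f0eef2c63e7a2cf55d3dcb0",
}
C2_HOST = "jooh2010.no-ip.biz"

# Assumption: dynamic-DNS zones commonly abused by commodity RATs. Hits here are leads only.
DYNDNS_ZONES = ("no-ip.biz", "no-ip.org", "ddns.net", "hopto.org", "zapto.org")

# Constructed sample log; hostnames/paths/IPs are invented for the example
SAMPLE_LOG = r"""
2024-07-21T12:00:01Z dns src=10.0.0.15 query=jooh2010.no-ip.biz rtype=A
2024-07-21T12:00:02Z dns src=10.0.0.15 query=Jooh2010.NO-IP.biz. rtype=A
2024-07-21T12:00:05Z dns src=10.0.0.22 query=update.example.com rtype=A
2024-07-21T12:01:10Z dns src=10.0.0.31 query=homecam.ddns.net rtype=A
2024-07-21T12:02:00Z file src=10.0.0.15 path=C:\Users\alice\AppData\Roaming\svchost.exe sha256=62fa8a7451660cb42ff1774788737ae0e2364e0c0f0eef2c63e7a2cf55d3dcb0
2024-07-21T12:02:30Z file src=10.0.0.22 path=C:\Windows\System32\notepad.exe sha256=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
"""


def normalize_host(host: str) -> str:
    # Case-fold and drop a trailing dot so FQDN-style log entries still match
    return host.strip().rstrip(".").lower()


def classify_host(host: str):
    """Return 'c2_exact', 'dyndns_lead' or None for a queried hostname."""
    h = normalize_host(host)
    if h == C2_HOST:
        return "c2_exact"
    for zone in DYNDNS_ZONES:
        # Match the zone itself or a subdomain; 'evil-no-ip.biz' must not match
        if h == zone or h.endswith("." + zone):
            return "dyndns_lead"
    return None


def classify_hash(value: str):
    """Return the algorithm name whose IOC value matches, else None."""
    v = value.strip().lower()
    for algo, known in IOC_HASHES.items():
        if v == known:
            return algo
    return None


def parse_line(line: str) -> dict:
    parts = line.split()
    rec = {"ts": parts[0], "kind": parts[1]}
    for kv in parts[2:]:
        key, _, val = kv.partition("=")
        rec[key] = val
    return rec


def scan_log(text: str):
    """Return (ts, src, verdict, detail) for every line that matches an indicator."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        verdict = None
        if rec["kind"] == "dns":
            verdict = classify_host(rec.get("query", ""))
        elif rec["kind"] == "file":
            algo = classify_hash(rec.get("sha256", ""))
            verdict = f"hash_{algo}" if algo else None
        if verdict:
            hits.append((rec["ts"], rec["src"], verdict, rec.get("query") or rec.get("path")))
    return hits


def correlated_hosts(hits):
    """Sources that both resolved the exact C2 and wrote a file with a known hash."""
    c2 = {src for _, src, v, _ in hits if v == "c2_exact"}
    on_disk = {src for _, src, v, _ in hits if v.startswith("hash_")}
    return c2 & on_disk


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
    print("hosts with C2 lookup and sample on disk:", correlated_hosts(scan_log(SAMPLE_LOG)))
```

The exact-host match and the on-disk hash match for the same source address is the pairing worth escalating first; the dynamic-DNS lead on its own only justifies a closer look at that host's other traffic.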

Targets

    • Target

      60ace43e0e465643592501a6a5484c85_JaffaCakes118

    • Size

      94KB

    • MD5

      60ace43e0e465643592501a6a5484c85

    • SHA1

      a4be2574cae7ced42eeb4ac824808c41ab721a1d

    • SHA256

      62fa8a7451660cb42ff1774788737ae0e2364e0c0f0eef2c63e7a2cf55d3dcb0

    • SHA512

      87e8da5444608924e3de3f41ffe846791f9982ef077608a3c59764812b4f98d808bac88070bf93ec97f00eef1ec3e823366b4bab093db71f846e976b8160c1d1

    • SSDEEP

      1536:ELLUmBiJz0QWIeNnA/Er+Ptn1UrSSphXIHl2ddC/Wcaxg1N:0c0UeNA86FqrSSrXIlMA1/1N

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the UPX open-source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext
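The "UPX packed file" signature above matches the stock packer and modified builds of it. The script below is an added example (not the sandbox's own detection logic and not code from this page) showing the two checks a practitioner usually combines for that: the section names UPX writes, and the structural shape a UPX image has even when the names are scrubbed (an empty, high-virtual-size section reserved for the unpacked image, followed by a high-entropy compressed section). The sample on this page is not embedded; the script builds constructed PE skeletons with a section table so the parser has something to run on, and those skeletons are not loadable binaries.

```python
"""Flag UPX-style packing from a PE section table. Added example; the PE inputs are
constructed skeletons (DOS stub + COFF header + section table + raw data), not real samples."""

import hashlib
import math
import struct

ENTROPY_THRESHOLD = 7.0  # bits per byte; compressed/encrypted data sits near 8


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Walk the COFF section table and return name, sizes and raw-data entropy per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rptr:rptr + rsize] if rsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rsize,
            "entropy": shannon_entropy(raw),
        })
    return sections


def upx_indicators(pe: bytes, threshold: float = ENTROPY_THRESHOLD) -> dict:
    secs = pe_sections(pe)
    upx_named = [s["name"] for s in secs if s["name"].upper().startswith("UPX")]
    high = [s["name"] for s in secs if s["raw_size"] and s["entropy"] >= threshold]
    # UPX reserves the first section for the unpacked image: large VirtualSize, zero raw data.
    reserve = [s["name"] for s in secs if s["raw_size"] == 0 and s["virtual_size"] > 0]
    return {
        "sections": secs,
        "upx_named_sections": upx_named,
        "high_entropy_sections": high,
        "empty_reserve_sections": reserve,
        # Name match catches stock UPX; shape match catches builds with renamed sections
        "likely_packed": bool(upx_named) or (bool(high) and bool(reserve)),
    }


def pseudo_random_bytes(n: int, seed: bytes = b"upx-demo") -> bytes:
    """Deterministic high-entropy filler standing in for compressed data (constructed)."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_test_pe(section_specs) -> bytes:
    """Constructed PE skeleton: (name, VirtualSize, raw bytes) per section. Not loadable."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 0, 0x0102)
    table_off = e_lfanew + 4 + 20
    data_off = table_off + 40 * len(section_specs)
    table, data = b"", b""
    for name, vsize, raw in section_specs:
        rptr = data_off + len(data) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0,
                             len(raw), rptr, 0, 0, 0, 0, 0x60000020)
        data += raw
    return bytes(dos) + b"PE\0\0" + coff + table + data


# Constructed inputs: a UPX-shaped image and a plain one
PACKED_SAMPLE = build_test_pe([(b"UPX0", 0x20000, b""),
                               (b"UPX1", 0x9000, pseudo_random_bytes(4096)),
                               (b".rsrc", 0x1000, b"\0" * 512)])
RENAMED_SAMPLE = build_test_pe([(b".text", 0x20000, b""),
                                (b".data", 0x9000, pseudo_random_bytes(4096))])
CLEAN_SAMPLE = build_test_pe([(b".text", 0x1000, b"\x90" * 4096),
                              (b".data", 0x1000, b"A" * 256)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("renamed", RENAMED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        r = upx_indicators(blob)
        print(label, r["likely_packed"], r["upx_named_sections"], r["high_entropy_sections"])
```

The entropy-plus-reserve check is what keeps the detection useful against modified UPX builds; on its own it also fires on other packers with the same layout, so treat it as "packed, probably UPX-like" rather than a definitive packer identification.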

MITRE ATT&CK Enterprise v15

Tasks