General

  • Target

    61502c4fcff6c42d726d1af717f1e02a_JaffaCakes118

  • Size

    367KB

  • Sample

    240721-zfrh7atdpc

  • MD5

    61502c4fcff6c42d726d1af717f1e02a

  • SHA1

    2f6e274ccf4b7c3a4d201add13d587fa07be00e0

  • SHA256

    ac880832ad90ff00dc9389d01622348a6664e3304c1d362bc3f2b6172e05892b

  • SHA512

    9feb3e33d8b44f534c7adfe25bd52a2fdbc3d37ae3b6de77211b0ef78101de29f4baf30bcf84a6993d4b710713cb8dd172326a5251f066921192a6c81b6ccf6f

  • SSDEEP

    1536:Csq+Q1aZQuIyJp0mgA+FJI9URDoq4OZZZLlCIib4AawLPRDaq4OZZZLlONibU:rY8QoQAEJIyRD68wbzBLRDY8Fb

Malware Config

Extracted

Family

xtremerat

C2

a323.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks