General

  • Target

    629de1beb82540673182df341303f011_JaffaCakes118

  • Size

    241KB

  • Sample

    240722-kzz74szckm

  • MD5

    629de1beb82540673182df341303f011

  • SHA1

    fe1d3ace02e5ba268620f02b85946e59ceb88b75

  • SHA256

    52819530aa3f9c9aff2b4d2cb45979ee1ce9b40ee1d5d0bf60d5a7ec4c602192

  • SHA512

    1004d75c8449e11e1ecad911ef62f6bae09926680633834f4ec7c4cb36a4ff13457857b906cbcf9a360751a59271f056c890f685abe77d7c3996054809d74768

  • SSDEEP

    6144:Do05l2OnL4OZQM6RRUSEATQLIfEATQLI99G8fHygE:Dr2O8OSMlxATQXATQufHPE

Malware Config

Targets

    • Target

      629de1beb82540673182df341303f011_JaffaCakes118

    • Size

      241KB

    • MD5

      629de1beb82540673182df341303f011

    • SHA1

      fe1d3ace02e5ba268620f02b85946e59ceb88b75

    • SHA256

      52819530aa3f9c9aff2b4d2cb45979ee1ce9b40ee1d5d0bf60d5a7ec4c602192

    • SHA512

      1004d75c8449e11e1ecad911ef62f6bae09926680633834f4ec7c4cb36a4ff13457857b906cbcf9a360751a59271f056c890f685abe77d7c3996054809d74768

    • SSDEEP

      6144:Do05l2OnL4OZQM6RRUSEATQLIfEATQLI99G8fHygE:Dr2O8OSMlxATQXATQufHPE

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks