General

  • Target

    a38ab04cfbbe217116f1df6edf29fb95_JaffaCakes118

  • Size

    273KB

  • Sample

    240817-wg1lpsycqb

  • MD5

    a38ab04cfbbe217116f1df6edf29fb95

  • SHA1

    ff6b01d2c30b2b3b75347e9cf40f8f91fe820cce

  • SHA256

    873479926520a2c22096da51d4018c66a9610bc5dd481de8f20c2f0b18789dca

  • SHA512

    1cf3edf378630edb0cf7355d07f95c9690f3b803ed3e8f182bcecf7981488e2df7f0b7b265c9bccc493dd0f7acea9468a312fbe217bfa93484b6e92cd39bb3ad

  • SSDEEP

    3072:zxexkMNY+4n8iVMMSJ3Gso2APwDDzThAzNtVsYk2OA7LVwskRFUYvZMQLWEeMPwN:16k/+4nNvvvIDX92LkvUlEoSMK0T26

Malware Config

Extracted

Family

xtremerat

C2

lepra.sytes.net

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks