General

  • Target

    a4e463031ef4f48b697b07d74beec04c_JaffaCakes118

  • Size

    660KB

  • Sample

    240818-b3yzsayckd

  • MD5

    a4e463031ef4f48b697b07d74beec04c

  • SHA1

    b83540a532ce919ea7131130985618e55a6b7016

  • SHA256

    49c5a1e2801df9971f193834d23de7c2be2530c5a411207aae7ea205927d0e37

  • SHA512

    c54247f2c637e8e081eb64da034b947c86212408fe71abbfeeabc1c6168c00a4fe12369dfddf8e18749252f17e9268b9fd802d0859c47544e67bb4d535af26c8

  • SSDEEP

    12288:VagQFev7+0N1RUFtE2qv7+0N1RjAuLJqec:HQYvaKRUrqvaKR8X

Malware Config

Extracted

Family

xtremerat

C2

drdivil.no-ip.biz

Targets

    • Target

      a4e463031ef4f48b697b07d74beec04c_JaffaCakes118

    • Size

      660KB

    • MD5

      a4e463031ef4f48b697b07d74beec04c

    • SHA1

      b83540a532ce919ea7131130985618e55a6b7016

    • SHA256

      49c5a1e2801df9971f193834d23de7c2be2530c5a411207aae7ea205927d0e37

    • SHA512

      c54247f2c637e8e081eb64da034b947c86212408fe71abbfeeabc1c6168c00a4fe12369dfddf8e18749252f17e9268b9fd802d0859c47544e67bb4d535af26c8

    • SSDEEP

      12288:VagQFev7+0N1RUFtE2qv7+0N1RjAuLJqec:HQYvaKRUrqvaKR8X

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks