General

  • Target

    31aa79e3f13fb921c5c82f99b2be43b0_JaffaCakes118

  • Size

    645KB

  • Sample

    241010-y3x4tavcrc

  • MD5

    31aa79e3f13fb921c5c82f99b2be43b0

  • SHA1

    8c0d87f13c4bdd9ceb5d6da4c8d25ed8505a66a0

  • SHA256

    6de0b43d0a69e1c44569ec42316823f65696e29c11fd4db771264e66222947ea

  • SHA512

    380c5aa5b51816247b4709c327c31f91f9b14a44c534c9bac30a36c7030e4c5d5ba20d46faa05e5e76fff0d7a647a020868a6b3a7c41da8f857ecf41b158ac54

  • SSDEEP

    12288:VQZuOro7YNQN2YcKify3iC8ut0i1oQjUZbvFFF/Dr5uiuF4:VnPwQgsiK3AcIXFFf5uiuF4

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    nando1.no-ip.org

Targets

    • Target

      31aa79e3f13fb921c5c82f99b2be43b0_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks