General

  • Target

    32752f4c0ec05722e72aa55704c348e1_JaffaCakes118

  • Size

    403KB

  • Sample

    241011-anglhsvcqh

  • MD5

    32752f4c0ec05722e72aa55704c348e1

  • SHA1

    81c7dc96b47b1fac403205e5d401188c1894cf3d

  • SHA256

    41f1724569f28ceea96bdfaad8b39b18aa14e23660f9954f17c9095839207563

  • SHA512

    b1f7c15c7274f80782f36a62f1dd0c31bb4ad21988cd969ebb7bf1615bb8ca042b3e8e9b5a76fb048a2629eb926f3cc124b7e3c32fe417158bb953cfb83b8f9f

  • SSDEEP

    6144:xs3oUvz4ZEoJNu1v/CCaeC0Tgi6ReN06oB:xstL4ZI7bjTgnZ

Malware Config

Extracted

Family

xtremerat

C2

trydrv.dydns.org

Targets

    • Target

      32752f4c0ec05722e72aa55704c348e1_JaffaCakes118

    • Size

      403KB

    • MD5

      32752f4c0ec05722e72aa55704c348e1

    • SHA1

      81c7dc96b47b1fac403205e5d401188c1894cf3d

    • SHA256

      41f1724569f28ceea96bdfaad8b39b18aa14e23660f9954f17c9095839207563

    • SHA512

      b1f7c15c7274f80782f36a62f1dd0c31bb4ad21988cd969ebb7bf1615bb8ca042b3e8e9b5a76fb048a2629eb926f3cc124b7e3c32fe417158bb953cfb83b8f9f

    • SSDEEP

      6144:xs3oUvz4ZEoJNu1v/CCaeC0Tgi6ReN06oB:xstL4ZI7bjTgnZ

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks