General

  • Target: 377cb43a5bc5647eac36dff8b3713443_JaffaCakes118
  • Size: 223KB
  • Sample: 241012-ac794awcpn
  • MD5: 377cb43a5bc5647eac36dff8b3713443
  • SHA1: 70601efc8bdbd8bd6983e5fe13017b4050d9a6b8
  • SHA256: a505d36069a5ea5540b180f86b1ec6b64cf82d2ef2b71357f0a67611db38dd91
  • SHA512: 0595d2b3cca7fe2992df2cb5abbbdc479de871eee01d8556ca3505b79fdb5eea361a68caac8d0cec32773f2547e4c2d174d72fa62acf4451cad5b4bc1f88a33b
  • SSDEEP: 6144:6iA1MnUWO1RNRgm2rgxXv8/o7Ulppd3W/n9ZbU42l74:bAWKRNRhLu/plrdqby

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks