General

  • Target

    5362dfbd699bc9db369a583f2591d4a7_JaffaCakes118

  • Size

    328KB

  • Sample

    241017-yfph6asfmd

  • MD5

    5362dfbd699bc9db369a583f2591d4a7

  • SHA1

    fbbf6a0f58a8ab26dfd5b8a5b6343206a576f941

  • SHA256

    30b1efaeb361d8c466686a4e03dc134a2ed3a684fa81618ee2ec2f0d5f66a7f4

  • SHA512

    1d6da8759fcdaf4aaf832a1452631b31b82933053446ec26b2e676628fac36f0f860436eafc13624dd913fb5b18efa04b66573743ff0178723330424081e237d

  • SSDEEP

    3072:cgR3xPLuCV0FxQo86uW6j3IPDnLJey+QL3l:lHVCxQo8M6jYLL0y+QL3

Malware Config

Extracted

Family

xtremerat

C2

boika.zapto.org
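The hashes and C2 hostname above are the actionable indicators in this report. As an added example, not part of the sandbox output, the following Python matches a file against the reported digests and scans DNS query log lines for the C2 host. The log lines and the in-memory "file" are constructed for the demo; the real 328KB sample is not included, so the hash check is shown returning no match. SSDEEP comparison is left out because it needs the ssdeep extension.

```python
"""IOC matcher for the XtremeRAT sample described in this report.

Added example, not part of the sandbox report. Hashes a blob and compares it
to the reported digests, and scans DNS query logs for the reported C2 host.
"""
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "5362dfbd699bc9db369a583f2591d4a7",
    "sha1": "fbbf6a0f58a8ab26dfd5b8a5b6343206a576f941",
    "sha256": "30b1efaeb361d8c466686a4e03dc134a2ed3a684fa81618ee2ec2f0d5f66a7f4",
}
C2_HOSTS = {"boika.zapto.org"}

# Constructed DNS query log lines (not from the report). Line 3 is a
# deliberate near-miss; line 4 tests case and trailing-dot normalisation.
SAMPLE_DNS_LOG = [
    "2024-10-17 09:12:03 10.0.0.5 query: www.microsoft.com A",
    "2024-10-17 09:12:07 10.0.0.5 query: boika.zapto.org A",
    "2024-10-17 09:12:09 10.0.0.9 query: notboika.zapto.org A",
    "2024-10-17 09:12:11 10.0.0.5 query: BOIKA.ZAPTO.ORG. A",
]


def iocs_well_formed() -> bool:
    """Catch copy/paste damage: each digest must be lowercase hex of the
    correct length for its algorithm (32 / 40 / 64 characters)."""
    want = {"md5": 32, "sha1": 40, "sha256": 64}
    return all(
        len(v) == want[k] and re.fullmatch(r"[0-9a-f]+", v) is not None
        for k, v in IOC_HASHES.items()
    )


def digest_file(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if any digest of data equals the reported sample's digest.
    All three are compared so the check works whichever algorithm a
    given feed or EDR export happens to publish."""
    d = digest_file(data)
    return any(d[k] == v for k, v in IOC_HASHES.items())


# Hostname-looking tokens (at least one dot). Works for Sysmon EID 22
# QueryName, Zeek dns.log query, or Windows DNS debug log fields.
_HOST_RE = re.compile(r"(?i)\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b")


def c2_hits(log_lines):
    """Return (line_no, host) for every line that queried a C2 host or a
    subdomain of one. Matching is on label boundaries, so
    'notboika.zapto.org' is not a hit while 'boika.zapto.org' is."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for host in _HOST_RE.findall(line):
            h = host.lower().rstrip(".")
            if any(h == c2 or h.endswith("." + c2) for c2 in C2_HOSTS):
                hits.append((n, h))
    return hits


if __name__ == "__main__":
    print("indicators well-formed:", iocs_well_formed())
    print("constructed blob matches sample:", matches_sample(b"not the real sample"))
    for n, h in c2_hits(SAMPLE_DNS_LOG):
        print(f"C2 query on log line {n}: {h}")
```

Two practitioner notes on the C2 indicator: zapto.org is a shared dynamic DNS zone, so only the full hostname is matched here; blocking or alerting on the parent zone would catch unrelated hosts. And because the hostname is dynamic DNS, the IP it resolves to can change between sandbox runs, so detection should key on the domain name rather than a resolved address.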

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread hijacking, which is how the payload gets into another process)

MITRE ATT&CK Enterprise v15

Tasks