General

  • Target

    590433f876b83b78efb954900371c41c_JaffaCakes118

  • Size

    312KB

  • Sample

    241018-xry2astbpf

  • MD5

    590433f876b83b78efb954900371c41c

  • SHA1

    463f5a14a3165f77cd86011e123c783f5e0392df

  • SHA256

    1bcf7ab9df0b2e8906a7f6ef06dcb2692130d0c6ccd387b1affd9e0780f037fe

  • SHA512

    7da39ff77cd6c2e7fc6d1b76231662b6e604890176cd238284aa7f9684cd509f53cce2a5a36293c404d90d3caa0b91841cddc39f27f05d75aee95234e16ef306

  • SSDEEP

    6144:KxK3EdhAcBWEEb/pKoG2uZOX6/78EHvlHxPgEN5K6zZLo6:9dGWEw/prGtYTatRoI5K6z9t

Malware Config

Extracted

Family

xtremerat

C2

iuyfdsghj.myvnc.com

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks