General

  • Target

    593734a135beac4fbe31724c6248250f_JaffaCakes118

  • Size

    682KB

  • Sample

    241018-y1xp9swdkd

  • MD5

    593734a135beac4fbe31724c6248250f

  • SHA1

    6a59b202f34388d0ced84aa8b92ce0231b34ba42

  • SHA256

    88914e25aafe2cc4c2b7ddce992a6bf7ad74d3bb00e47621316c5a0b510de0c1

  • SHA512

    0c24dcedf4cbe0d416e2a5e983d8462b3f221ff015cae5fe15c6175555eb6c9695de919b0517315a4fb1eaa448d0e92548ff0b937880952c9e9687afe1c86ed2

  • SSDEEP

    12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aX1DQj:uRmJkcoQricOIQxiZY1iaXJ8

Malware Config

Extracted

Family

xtremerat

C2

hossamnolove.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
