General

  • Target

    6a58f94b6553712c2f3b80174aa26051_JaffaCakes118

  • Size

    84KB

  • Sample

    241022-nzdwnavhmr

  • MD5

    6a58f94b6553712c2f3b80174aa26051

  • SHA1

    637304d1bd170f500123a212209e6931bb037f6e

  • SHA256

    a47ce9e3c73e01ff95100faef7b414d26d8570f87fce3c0c72b863847bdc3328

  • SHA512

    3891ff5aa9d0d0716d7b3fc91d890a68a4a826a7cc4aa0a61a0793b933c6f0211b84bc3477ea67145ee169aaecfd6b04daf60db4e765290f3139e24462469718

  • SSDEEP

    1536:fG2EnTramCVTJ10e9yhVugW1FAAzWCb4pqZ1m4e2ggJ0x:fynvBCVTJ10ey0gW8AzWCbmqZ8ABA

Malware Config

Extracted

Family

xtremerat

C2

qwertyuiop.no-ip.biz
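The C2 above is a No-IP dynamic DNS hostname, so the IP it resolves to can change at any time and is a poor indicator; the domain itself is the durable one. The sweep below is an added example (not part of the sandbox report) that matches DNS query logs against the extracted C2 and, at lower confidence, against any host under a few No-IP zones. The log format (`<timestamp> <client-ip> <qname> <qtype>`), the log lines and the list of dynamic DNS zones are constructed assumptions for this example.

```python
"""IOC sweep for the extracted XtremeRAT C2 over DNS query logs (added example)."""
from typing import Optional

# Indicator from the extracted config above.
C2_DOMAINS = {"qwertyuiop.no-ip.biz"}

# No-IP dynamic DNS zones (assumed list for this example; extend with your own).
DYNDNS_SUFFIXES = {"no-ip.biz", "no-ip.org", "no-ip.com", "ddns.net"}

# Constructed sample log: "<timestamp> <client-ip> <qname> <qtype>" per line.
SAMPLE_DNS_LOG = """\
2024-10-22T09:14:03Z 10.0.0.15 qwertyuiop.no-ip.biz. A
2024-10-22T09:14:05Z 10.0.0.15 QWERTYUIOP.NO-IP.BIZ A
2024-10-22T09:15:10Z 10.0.0.22 updates.example.com A
2024-10-22T09:16:41Z 10.0.0.31 camera.ddns.net A
2024-10-22T09:17:02Z 10.0.0.22 qwertyuiop.no-ip.biz.cdn.example.net A
"""


def normalize_qname(qname: str) -> str:
    """DNS names are case-insensitive and are often logged with a trailing dot."""
    return qname.strip().rstrip(".").lower()


def classify_qname(qname: str) -> Optional[tuple]:
    """Return (severity, reason) for a suspicious name, or None."""
    q = normalize_qname(qname)
    if q in C2_DOMAINS:
        return ("high", "known XtremeRAT C2 domain")
    for suffix in DYNDNS_SUFFIXES:
        # Match the zone itself or any label under it, never a mere substring.
        if q == suffix or q.endswith("." + suffix):
            return ("low", "dynamic DNS host under " + suffix)
    return None


def sweep_dns_log(text: str) -> list:
    """Scan log lines and collect hits with the querying client."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed or empty line
        ts, client, qname = fields[0], fields[1], fields[2]
        verdict = classify_qname(qname)
        if verdict:
            hits.append({"time": ts, "client": client, "qname": normalize_qname(qname),
                         "severity": verdict[0], "reason": verdict[1]})
    return hits


def clients_by_severity(hits: list, severity: str) -> list:
    """Distinct client IPs that produced a hit of the given severity."""
    return sorted({h["client"] for h in hits if h["severity"] == severity})


if __name__ == "__main__":
    for hit in sweep_dns_log(SAMPLE_DNS_LOG):
        print(hit)
```

Note that the last sample line, a name that merely begins with the C2 string, is not a hit: the check is an exact match or a proper suffix match on label boundaries, which keeps lookalike names under unrelated zones from polluting the result.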

Targets

    • Target

      6a58f94b6553712c2f3b80174aa26051_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended process is a common step of process hollowing: the new process's main thread is pointed at code the malware has written into it before the thread is resumed.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it.
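To check the UPX signature independently of the sandbox, the following added example (not code from the report or from the UPX project) reads a PE section table with only the standard library and reports stock UPX indicators (UPX0/UPX1/UPX2 section names, the "UPX!" magic the stock packer writes) plus a layout heuristic for modified builds that rename sections and strip the magic: a first section with no raw data but a large virtual size, followed by a high-entropy section. The three PE-shaped blobs it runs on are constructed test inputs, not real executables, and the 7.0 bits-per-byte threshold is an assumed cut-off.

```python
"""Static UPX indicators from a PE section table (added example, stdlib only)."""
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value occurs equally often."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Return (name, VirtualSize, SizeOfRawData, raw bytes) for each section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0"), vsize, rsize, pe[rptr:rptr + rsize]))
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Collect UPX indicators and a verdict: 'upx', 'packed-heuristic' or 'none'."""
    sections = parse_sections(pe)
    names = [s[0] for s in sections]
    # Stock UPX: UPX0 is the unpack destination (no raw data, large VirtualSize),
    # UPX1 holds the compressed image, and the packer header carries "UPX!".
    first_hollow = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    entropy = {n.decode(errors="replace"): round(shannon_entropy(raw), 2)
               for n, _, _, raw in sections if raw}
    ind = {
        "upx_sections": sorted(n.decode() for n in names if n in UPX_SECTION_NAMES),
        "upx_magic": b"UPX!" in pe,
        "first_section_hollow": first_hollow,
        "max_entropy": max(entropy.values(), default=0.0),
        "section_entropy": entropy,
    }
    if ind["upx_sections"] or ind["upx_magic"]:
        ind["verdict"] = "upx"
    elif first_hollow and ind["max_entropy"] >= 7.0:
        # Modified UPX builds often rename sections and strip the magic; the layout survives.
        ind["verdict"] = "packed-heuristic"
    else:
        ind["verdict"] = "none"
    return ind


def build_sample_pe(sections: list) -> bytes:
    """Constructed test input: a minimal PE-shaped blob, not a runnable executable."""
    e_lfanew = 0x40
    n = len(sections)
    raw_ptr = e_lfanew + 4 + 20 + 40 * n                  # SizeOfOptionalHeader is 0 here
    blob = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    blob += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0, 0x102)
    table, body = b"", b""
    for name, vsize, raw in sections:
        rptr = raw_ptr + len(body) if raw else 0
        table += struct.pack("<8sIIII", name.ljust(8, b"\0"), vsize, 0, len(raw), rptr) + b"\0" * 16
        body += raw
    return blob + table + body


HIGH_ENTROPY = bytes(range(256)) * 8                      # exactly 8.0 bits per byte
PACKED_SAMPLE = build_sample_pe([(b"UPX0", 0x10000, b""),
                                 (b"UPX1", 0x3000, b"UPX!" + HIGH_ENTROPY),
                                 (b".rsrc", 0x1000, b"\0" * 64)])
MODIFIED_SAMPLE = build_sample_pe([(b".text", 0x10000, b""),
                                   (b".data", 0x3000, HIGH_ENTROPY),
                                   (b".rsrc", 0x1000, b"\0" * 64)])
PLAIN_SAMPLE = build_sample_pe([(b".text", 0x1000, b"\x55\x8b\xec" * 32),
                                (b".data", 0x1000, b"\0" * 64)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("modified", MODIFIED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_indicators(blob)["verdict"])
```

Run `upx_indicators(open(path, "rb").read())` on a real file; a stock UPX sample yields `verdict == "upx"` with both section names and the magic, while a renamed build only trips the layout heuristic, which is exactly the case the signature's "modified UPX" wording covers.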

MITRE ATT&CK Enterprise v15

Tasks