General

  • Target

    c8c12d2ad439b971990f83e6be13ddee_JaffaCakes118

  • Size

    171KB

  • Sample

    241205-v9s7na1lem

  • MD5

    c8c12d2ad439b971990f83e6be13ddee

  • SHA1

    3f79e1bad60d4fd67da1de63b27d1d2fd9206a56

  • SHA256

    d4c1fe761bfb519ae1b14d1c80747d96d586ce4884642306baa26bb6fc0a14fb

  • SHA512

    feb0d64d6e492104823ed9351d3f3a9a61948a23cc52d0f9a91add07773945ea183e6bae65b925e18c00f48f976e78c2997b6140836ecfad8efda2c87136f598

  • SSDEEP

    3072:eNW7dEvotvXNK0+LRP8IQzsc/VFyYrnlcXU2LwvuD6SMoBOUHejaQ+Fa4dske+Km:eNW7mvIIFd0IQXWYRkL4uWdo4UHejh20

Malware Config

Extracted

Family

xtremerat

C2

mhmhaker20.no-ip.org

Targets

    • Target

      c8c12d2ad439b971990f83e6be13ddee_JaffaCakes118

    • Size

      171KB

    • MD5

      c8c12d2ad439b971990f83e6be13ddee

    • SHA1

      3f79e1bad60d4fd67da1de63b27d1d2fd9206a56

    • SHA256

      d4c1fe761bfb519ae1b14d1c80747d96d586ce4884642306baa26bb6fc0a14fb

    • SHA512

      feb0d64d6e492104823ed9351d3f3a9a61948a23cc52d0f9a91add07773945ea183e6bae65b925e18c00f48f976e78c2997b6140836ecfad8efda2c87136f598

    • SSDEEP

      3072:eNW7dEvotvXNK0+LRP8IQzsc/VFyYrnlcXU2LwvuD6SMoBOUHejaQ+Fa4dske+Km:eNW7mvIIFd0IQXWYRkL4uWdo4UHejh20

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
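The "UPX packed file" signature above is a static check on the PE section table. The following is an added example of how such a check can be written, not the sandbox's own signature: it parses the section headers of a PE image, flags the stock UPX0/UPX1 section names, and as an assumed heuristic also flags the UPX layout when the sections have been renamed (first section has no raw data, entry point lies in the second section). The three PE images it runs on are constructed headers-only files, not the sample from this report.

```python
import struct

SECTION_HEADER_SIZE = 40


def parse_pe_sections(data: bytes):
    """Return (entry_point_rva, sections) decoded from a PE image's headers.

    Only the fields the packer heuristic needs are decoded: section name,
    VirtualSize, VirtualAddress, SizeOfRawData and PointerToRawData.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    opt = coff + 20
    entry = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint
    table = opt + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return entry, sections


def section_index_for_rva(sections, rva):
    """Index of the section whose virtual range contains rva, or None."""
    for i, s in enumerate(sections):
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], 1):
            return i
    return None


def classify_upx(data: bytes) -> str:
    """'upx' on stock section names, 'upx-like' on the UPX layout with
    renamed sections (assumed heuristic), 'none' otherwise."""
    entry, sections = parse_pe_sections(data)
    if any(s["name"].upper().startswith("UPX") for s in sections):
        return "upx"
    # Heuristic for modified UPX: stock UPX leaves the first section with no
    # raw data (it is the in-memory unpack destination) and places the entry
    # point in the second section (the decompression stub). Renaming the
    # sections does not change that shape.
    if len(sections) >= 2 and sections[0]["raw_size"] == 0 and sections[0]["vsize"] > 0:
        if section_index_for_rva(sections, entry) == 1:
            return "upx-like"
    return "none"


def build_pe(sections, entry):
    """Constructed minimal PE32 (headers only, no code) used as test input."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 16, entry)  # AddressOfEntryPoint
    table = b""
    for name, vsize, vaddr, raw_size, raw_ptr in sections:
        table += name.encode("ascii").ljust(8, b"\0")
        table += struct.pack("<IIIIIIHHI", vsize, vaddr, raw_size, raw_ptr, 0, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed images: stock UPX layout, the same layout with renamed sections, a plain build.
UPX_STOCK = build_pe([("UPX0", 0x20000, 0x1000, 0, 0x400),
                      ("UPX1", 0x9000, 0x21000, 0x8E00, 0x400),
                      (".rsrc", 0x1000, 0x2A000, 0x600, 0x9200)], entry=0x29A40)
UPX_RENAMED = build_pe([(".text", 0x20000, 0x1000, 0, 0x400),
                        (".data", 0x9000, 0x21000, 0x8E00, 0x400),
                        (".rsrc", 0x1000, 0x2A000, 0x600, 0x9200)], entry=0x29A40)
PLAIN = build_pe([(".text", 0x1000, 0x1000, 0x1000, 0x400),
                  (".data", 0x200, 0x2000, 0x200, 0x1400)], entry=0x1010)

if __name__ == "__main__":
    for label, image in (("stock", UPX_STOCK), ("renamed", UPX_RENAMED), ("plain", PLAIN)):
        print(label, classify_upx(image))
```

To run it against a real file, pass `open(path, "rb").read()` to `classify_upx`. The renamed-section heuristic is a layout check only; a packer that also changes the section shape, or a legitimate binary whose first section is uninitialised data, will not be classified the same way as the sandbox signature, so treat "upx-like" as a lead to confirm by unpacking, not as a verdict.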

MITRE ATT&CK Enterprise v15

Tasks