General

  • Target

    cf47df29e9045c561027be3b2a30fe74_JaffaCakes118

  • Size

    456KB

  • Sample

    241206-137dlazphz

  • MD5

    cf47df29e9045c561027be3b2a30fe74

  • SHA1

    687bda6bf9dff3bdf17d59b6c999a810b73ae474

  • SHA256

    82ab818a85445a988dc1112048c3ef1cde154d1a394eee13b0ba00bf208161ee

  • SHA512

    9741b25b498e96f56caa46a7c7a645b59713266ba1d232227b0ce33f664f1c2bc709dcc76c21434be074e4739db80be87cdb7a03d863ee5d7feba1d7a1e71b8b

  • SSDEEP

    3072:2YqZZPztvLI1lytnUpOnYLKSFdUieiZQwMIJN/fAw65XVS11I2VTn2d5ipflH4FM:2YqypOYTTeiQwMN95xI2eZ46r11B69

Malware Config

Extracted

Family

xtremerat

C2

matthieu.no-ip.biz

Targets

    • Target

      cf47df29e9045c561027be3b2a30fe74_JaffaCakes118


    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
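The "UPX packed file" signature above is a static check. The Python below is an added example, not the sandbox's rule and not code from the report: it parses the PE section table and reports the three indicators an analyst usually looks for (the UPX0/UPX1/UPX2 section names, the "UPX!" header marker, and the packer's layout of an empty first section followed by one carrying the compressed image, which survives in many modified builds). The report's sample is not embedded here, so `build_minimal_pe` is a hypothetical helper that constructs minimal PE32 images in memory; the three samples are constructed inputs.

```python
"""Static UPX indicators over a PE section table (added example)."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_minimal_pe(sections, tail=b""):
    """Hypothetical helper: build a minimal PE32 image so the check runs offline.
    `sections` is a list of (name, VirtualSize, SizeOfRawData)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew -> NT headers
    opt_size = 224                                    # PE32 optional header size
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt_hdr = b"\x0b\x01" + bytes(opt_size - 2)       # Magic = PE32, rest zeroed
    table = b"".join(
        struct.pack(SECTION_HDR, name.ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                    rsize, 0, 0, 0, 0, 0, 0xE0000040)
        for i, (name, vsize, rsize) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + file_hdr + opt_hdr + table + tail


def pe_sections(data):
    """Parse the section table; returns [(name, VirtualSize, SizeOfRawData)]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fh = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    nsec = struct.unpack_from("<H", data, fh + 2)[0]
    opt_size = struct.unpack_from("<H", data, fh + 16)[0]
    table = fh + 20 + opt_size
    out = []
    for i in range(nsec):
        name, vsize, _va, rsize, *_ = struct.unpack_from(SECTION_HDR, data, table + 40 * i)
        out.append((name.rstrip(b"\0"), vsize, rsize))
    return out


def upx_indicators(data):
    """Return the UPX indicators found; an empty list means none."""
    secs = pe_sections(data)
    hits = []
    named = [s[0] for s in secs if s[0] in UPX_SECTION_NAMES]
    if named:
        hits.append("upx_section_names:" + ",".join(n.decode() for n in named))
    if b"UPX!" in data:                                # packer header magic
        hits.append("upx_magic_marker")
    # Modified UPX builds usually rename the sections and patch out the magic
    # but keep the layout: a first section with no raw data (the unpacking
    # target) followed by one holding the whole compressed image. Heuristic only.
    if len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] > 0 and secs[1][2] > 0:
        hits.append("upx_like_layout")
    return hits


# Constructed inputs, not the report's sample.
PACKED_SAMPLE = build_minimal_pe(
    [(b"UPX0", 0x1000, 0), (b"UPX1", 0x2000, 0x1800), (b".rsrc", 0x100, 0x100)],
    tail=b"\x00UPX!\x00")
RENAMED_SAMPLE = build_minimal_pe([(b".text", 0x1000, 0), (b".data", 0x2000, 0x1800)])
CLEAN_SAMPLE = build_minimal_pe([(b".text", 0x1000, 0x1000), (b".data", 0x200, 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("renamed", RENAMED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(blob) or "no UPX indicators")
```

The layout heuristic is the one worth keeping when the section names and magic have been stripped; it is also the one that produces false positives on other packers, so treat it as a triage hint rather than a verdict.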
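The "Suspicious use of SetThreadContext" signature above is a behavioural one. SetThreadContext is the call that redirects a suspended thread to an injected image, which is why sandboxes flag it: on its own it is unusual for ordinary software, and inside the sequence CreateProcess(CREATE_SUSPENDED), WriteProcessMemory, SetThreadContext, ResumeThread it is the signature of process hollowing. The Python below is an added example of that detection logic, not the sandbox's rule and not code from the report; the `pid=<n> <Api> key=value` trace format and the trace lines themselves are constructed for the example.

```python
"""Flag SetThreadContext calls and the hollowing sequence in an API trace (added example)."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004
CREATE_PROCESS_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
# Stages expected after a suspended CreateProcess, in order.
STAGES = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace in a hypothetical 'pid=<n> <Api> key=value' format.
# pid 1234 hollows a suspended svchost.exe; pid 5678 makes a single lone call.
SAMPLE_TRACE = [
    r'pid=1234 CreateProcessW lpApplicationName="C:\Windows\System32\svchost.exe" dwCreationFlags=0x4',
    r'pid=1234 NtUnmapViewOfSection ProcessHandle=0x1c0 BaseAddress=0x400000',
    r'pid=1234 VirtualAllocEx hProcess=0x1c0 lpAddress=0x400000 flProtect=0x40',
    r'pid=1234 WriteProcessMemory hProcess=0x1c0 lpBaseAddress=0x400000 nSize=0x6e000',
    r'pid=5678 SetThreadContext hThread=0x2a0',
    r'pid=1234 SetThreadContext hThread=0x1c4',
    r'pid=1234 ResumeThread hThread=0x1c4',
]

TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_trace(lines):
    """Turn trace lines into dicts: {'pid': int, 'api': str, <arg>: str, ...}."""
    events = []
    for line in lines:
        head, _, rest = line.partition(" ")
        if not head.startswith("pid="):
            continue                                   # skip non-call lines
        api, _, args = rest.partition(" ")
        ev = {"pid": int(head[4:]), "api": api}
        for key, val in TOKEN.findall(args):
            ev[key] = val.strip('"')
        events.append(ev)
    return events


def detect(events):
    """Return (pid, alert) tuples in trace order."""
    alerts = []
    stage = defaultdict(int)   # pid -> 0 = not started, k = waiting for STAGES[k-1]
    for ev in events:
        pid, api = ev["pid"], ev["api"]
        if api in CREATE_PROCESS_APIS:
            flags = int(ev.get("dwCreationFlags", "0"), 16)
            stage[pid] = 1 if flags & CREATE_SUSPENDED else 0
            continue
        if api == "SetThreadContext":                  # the generic signature
            alerts.append((pid, "suspicious_setthreadcontext"))
        if stage[pid] and api == STAGES[stage[pid] - 1]:
            stage[pid] += 1
            if stage[pid] > len(STAGES):               # every stage seen in order
                alerts.append((pid, "process_hollowing_sequence"))
                stage[pid] = 0
    return alerts


if __name__ == "__main__":
    for pid, name in detect(parse_trace(SAMPLE_TRACE)):
        print(f"pid {pid}: {name}")
```

The lone call from pid 5678 only raises the generic alert, which is the right level of noise for debuggers and some installers; the sequence alert is what should drive escalation, and a real implementation would also key the later stages on the child process handle rather than on the caller's pid alone.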

MITRE ATT&CK Enterprise v15

Tasks