General

  • Target: d1aaf9fd2e4767dfe82eb888c4205b1e_JaffaCakes118
  • Size: 456KB
  • Sample: 241207-k568ls1qap
  • MD5: d1aaf9fd2e4767dfe82eb888c4205b1e
  • SHA1: e010adfd5ffd743314e80189a345dcba195ca486
  • SHA256: b0045ea20acb65e758d1b076296a6f88a507085f4c3e868a71e0b841dc9c7fd9
  • SHA512: b057aa0b027956599ae0d9513590f4680b5cff4ad447463f944ec6d4bb141b528b3d318cdf78b49db8f25fddd914af2d8fe4948fdf06e706919a6581eedc017e
  • SSDEEP: 3072:Thx1WtfihHHF9ruyAWrmkJIC8xVL9ejFif5dJElWwnt/FlMTpTC1w+5SB7YhIYCI:n8fmw+7hG6w1F

Malware Config

Extracted

  • Family: xtremerat
  • C2: crazyguyz.no-ip.org

Targets

    • Target: d1aaf9fd2e4767dfe82eb888c4205b1e_JaffaCakes118

    • Detect XtremeRAT payload
    • XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
    • Xtremerat family
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15