General

  • Target: d94993f5de32a5e4fa409c543231c9e0_JaffaCakes118

  • Size: 756KB

  • Sample: 241209-m32apazmdp

  • MD5: d94993f5de32a5e4fa409c543231c9e0

  • SHA1: 41b4eee0c49086e7194dd4c9a32f4164b6909fa6

  • SHA256: cea86211416777d63d51af1a9110b4d47a66a4cd1d1c29c66383c71e64f8cfaf

  • SHA512: 4fe8b39e8241b8258e6acc89aa2cc55f78eaf7152a4b4a8b16e9b33320e8ceb24461b92c2a7874300af7d9625e74306ed41b941ffcb7130a52689c9c546f354d

  • SSDEEP: 6144:ajYk6uqCv2D6QVybFmMVSd6hqgIyIXkoYgnETmUZ0X+krjEmOSDeQEB0pIqOrIEi:VluZv2G7b7IyIGEITUHR

Malware Config

Extracted

  • Family: xtremerat

  • C2: rezzknight33.zapto.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

MITRE ATT&CK Enterprise v15

Tasks