General

  • Target

    d9a7217dc9e564ec15aa4493f59eb421_JaffaCakes118

  • Size

    108KB

  • Sample

    241209-ps5lgasldk

  • MD5

    d9a7217dc9e564ec15aa4493f59eb421

  • SHA1

    dc1df3091604963da901166c9fef3d38aadc355d

  • SHA256

    3c13016cf0957a91fe2040db0658d3216c1221ccb60567d529230b6df7bd4834

  • SHA512

    ca43221a8164e44ade213dda463314f3d8420197c1f65a414b9ef3e4d208a555357c194b86391de6a2a9835f5068c1ac3ec7d03b53a2046ba4d0c5a24881524c

  • SSDEEP

    3072:jqdudwV4GeIuGnjHACtBIMAAPtix/XqecJ/36:WdudW4GeIVLACtBuJwZ36

Malware Config

Extracted

Family

xtremerat

C2

black100.no-ip.biz

cantstop.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks