General

Target: 09f047a6d071e09e1b0e0c694b80f1d7_JaffaCakes118
Size: 359KB
Sample: 240624-wdd9asxhjm
MD5: 09f047a6d071e09e1b0e0c694b80f1d7
SHA1: b89063cc88a20972d12b5acf12b66e486ba9f707
SHA256: 5f99c57306396751d427291cb3db1a56fa25a715e5889fa16223f02e36db551a
SHA512: 76b464be11411539c9c614fa788e610268c679eafb232bd4e83c40a6d3e1f34fd6f861ec37de82a54de2b7b9f92d7fdc406f9ee077f575910c41911cfa49540d
SSDEEP: 6144:U0KoS4DZ3A+E0I8IQB2vI1CDitFuZtzzk7fPxSnyVNck/iPJgsROBe/h+1HNX46w:UdoS493ACIl7vI1kiqHNnyVek/a4AmH8
Static task: static1

Behavioral task: behavioral1
Sample: 09f047a6d071e09e1b0e0c694b80f1d7_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 09f047a6d071e09e1b0e0c694b80f1d7_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config

Targets
Score: 10/10

- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext