General

  • Target

    36881e88e8d556688859b439d7fb269f_JaffaCakes118

  • Size

    53KB

  • Sample

    240710-1pp76asalr

  • MD5

    36881e88e8d556688859b439d7fb269f

  • SHA1

    3fe2a4172525a828d01b8c74aa20582b4cd26ec7

  • SHA256

    568585a62c02434169711c846d2fb3808c1ca9e81727a233152447500f6c2ad2

  • SHA512

    2c24c9a7474909771c522db2d9e54c8fa389696ca1c22bb7dd58a1bf0179db033365b183b000ebe3c3ac095bbfe2a17c83c5fade0dd6cf84c98aee005df1d238

  • SSDEEP

    768:jBGosmzSaYk/SnUftVqBON8Fhzl5LsX0IqSSO3vantS8YzXB1antS8YzXBsRS4Z+:zxCUftEBzhxPO3vYUFr/YUFr4pM

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks