General

  • Target

    385cba6e76144e7fe344ca2897882087_JaffaCakes118

  • Size

    268KB

  • Sample

    240711-j7jdwszeqd

  • MD5

    385cba6e76144e7fe344ca2897882087

  • SHA1

    3c6f1fb63ad6496d16dc5dc14d4aa8271f39a446

  • SHA256

    580214a3fa3408a906fff4914bd0e1eb34d33274964e54f9a1e777228451b80b

  • SHA512

    647abdce0f5e37cd7d23e1b13936aa9ffa1af590562e3d0ee495f8a0a3c9f654f0ab18bb9d5d1eacd98eacddd2058cbc54adff71f24f24bd4859eb8704ee45ca

  • SSDEEP

    1536:fDelhADIlxhyiXSyqOQ4KiKtWByMQrj91pFhuxGK:belCIlrXSyM4tfB61pSxG

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks