General

  • Target

    3f3cd2798a290e727c55e0672e6813d7_JaffaCakes118

  • Size

    123KB

  • Sample

    240712-24gd8svcjm

  • MD5

    3f3cd2798a290e727c55e0672e6813d7

  • SHA1

    b09d3a12b31d2ed05b8aaba761c717a12e7d52cc

  • SHA256

    7805b92020af25bcf453307b01f0344d2a5ccfbb50324e6595cef4d67f5b85b4

  • SHA512

    2f1a75af398135b2cacaf4d04ae563e892ed5e31b318ae568fe0f2da2c22b7f3513fdb31899e7f47fad672cb249bea110d2cb052fdfa2c4125640a3653b059ee

  • SSDEEP

    3072:rzaQgx1STGfaL1XjyIlRBhbQG/l5DYKLckZzIcZob:rzaQg3l4Xv9/Xn7o

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks