General

  • Target

    50889455dcc0026d8179a38d67782ebf_JaffaCakes118

  • Size

    165KB

  • Sample

    240716-3j847awajk

  • MD5

    50889455dcc0026d8179a38d67782ebf

  • SHA1

    f05c5a6de06381029d66fe32e4f62697d4f5268e

  • SHA256

    88ffc0a293c116c68db5b1f0866880624addfc832bf9644915b0769a1633e34a

  • SHA512

    9f85afe212e7286eec1ea1049eeed43722e8cceba64a7d7124c23fcbbd042e2f9a2012605f15cfc88fa693fd77352b449f66ede34e83ee1affb9f74a20f52d29

  • SSDEEP

    3072:q8ivezMCdpTrgJlv8XftAHS4V11DEdO9aXNu7IaNYIaEp56UCwd88/vt:Ziv4dhOJMftAHS4V11YdwadcaEhh3

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks