General

  • Target

    4f3162d9a5ec91d2a30839eff5e6b7c7_JaffaCakes118

  • Size

    122KB

  • Sample

    240716-t87g8avakh

  • MD5

    4f3162d9a5ec91d2a30839eff5e6b7c7

  • SHA1

    6585f04ca819ad43449700d96cf550fe9fdd6f5e

  • SHA256

    6e83543748adff57311fd6468f8d7fda186d5ccd787d233c0af1298515e89a81

  • SHA512

    dfbad33f24c5afbd4c20de1f99d3cd9ba1cf0fc1944e4ed2c2299900997abb3274ae1a21c84358a916379b44efea0272818ee29041a3b79a55d8e198d806178c

  • SSDEEP

    3072:W6S6uZEfFj0AIFP7NI7gR2+CSofNAZ6PD/i0hTJK5:c6u2fl0bPjR2p1AYimTJ

Malware Config

Targets

    • Target

      4f3162d9a5ec91d2a30839eff5e6b7c7_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks