General
- Target: 51167457038df0db2dcb153784660d1b_JaffaCakes118
- Size: 108KB
- Sample: 240717-ctw99svbpd
- MD5: 51167457038df0db2dcb153784660d1b
- SHA1: 282cd26eabaffa1e4a1658f3083b3b69d64ced61
- SHA256: 639a35a5c1a44085911492e73a3b727b79ff0300e121c8b6f23340d957180a5a
- SHA512: 5f81de9f5199c9c2e6d7b119adf2cbe1df45dc476a90b569cd4c35a60429ed54bae5f4e31c015e3aa10f7b329e2d63a51d9e3ed499d1bef038261f6de5db3d94
- SSDEEP: 3072:rvmMSJjp4qcBXM9Bzj8tHuG4Kby38lMfQ:rvmtjp4fiLzjcl+dQ

Static task: static1
Behavioral task: behavioral1
- Sample: 51167457038df0db2dcb153784660d1b_JaffaCakes118.exe
- Resource: win7-20240705-en

Malware Config
Extracted
- Family: xtremerat
- C2: mal3k.no-ip.org
Targets
- Target: 51167457038df0db2dcb153784660d1b_JaffaCakes118
- Size: 108KB
- MD5: 51167457038df0db2dcb153784660d1b
- SHA1: 282cd26eabaffa1e4a1658f3083b3b69d64ced61
- SHA256: 639a35a5c1a44085911492e73a3b727b79ff0300e121c8b6f23340d957180a5a
- SHA512: 5f81de9f5199c9c2e6d7b119adf2cbe1df45dc476a90b569cd4c35a60429ed54bae5f4e31c015e3aa10f7b329e2d63a51d9e3ed499d1bef038261f6de5db3d94
- SSDEEP: 3072:rvmMSJjp4qcBXM9Bzj8tHuG4Kby38lMfQ:rvmtjp4fiLzjcl+dQ
Signatures
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (4)