General

  • Target

    511828feb426f51a964f43d29c9003cf_JaffaCakes118

  • Size

    120KB

  • Sample

    240717-cwkn9a1hmk

  • MD5

    511828feb426f51a964f43d29c9003cf

  • SHA1

    4e69ae6ce0d02f44e93af4d7a831d00ef59ca133

  • SHA256

    6a11e517575bedc388aa82ab44df87cc75bd562fad8f829035e9ca11b033a52a

  • SHA512

    70487145cea2c1e9e5faf048ddd0f841015b56c80efbfc7616083fb51f6a817f5ef904c138da2f70f0557f7b00b354e850e9f28ff2ded0be51d197f689d6a299

  • SSDEEP

    768:MKTQpaDCun7wfbjfT602a0ro6oSENk3s5naQ2xWuxR/mEfFEKktKHM2Zo3GHvxlY:MKTQpuCg2EENd5aQyW0msEVbMxPm

Malware Config

Targets

    • Target

      511828feb426f51a964f43d29c9003cf_JaffaCakes118

    • Size

      120KB

    • MD5

      511828feb426f51a964f43d29c9003cf

    • SHA1

      4e69ae6ce0d02f44e93af4d7a831d00ef59ca133

    • SHA256

      6a11e517575bedc388aa82ab44df87cc75bd562fad8f829035e9ca11b033a52a

    • SHA512

      70487145cea2c1e9e5faf048ddd0f841015b56c80efbfc7616083fb51f6a817f5ef904c138da2f70f0557f7b00b354e850e9f28ff2ded0be51d197f689d6a299

    • SSDEEP

      768:MKTQpaDCun7wfbjfT602a0ro6oSENk3s5naQ2xWuxR/mEfFEKktKHM2Zo3GHvxlY:MKTQpuCg2EENd5aQyW0msEVbMxPm

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks