General

  • Target

    52ffa72dedadf8d109586d5a33dcee95_JaffaCakes118

  • Size

    417KB

  • Sample

    240717-pr24ystfjc

  • MD5

    52ffa72dedadf8d109586d5a33dcee95

  • SHA1

    c250a38327c0d817400a1bf628fb5244d6347ec2

  • SHA256

    8f779782329b8f2bfecb72532b70a3f6bc196d3e5cb096ac3790e9d3ec9921aa

  • SHA512

    73af24392b594dc2f286bcdf82eb14b749a68d509ed75445ff4502afbfe96401fea9bab2a2f1f712c7663534e2423ff71415bd5266748a2d7e0b135b0cbdcf77

  • SSDEEP

    12288:x57qSYh+Tu1lxHxCgpcAnirLS9Mm5W2aZ:n7jYhcExN0i9Msc

Targets

    • Target

      52ffa72dedadf8d109586d5a33dcee95_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

    • Suspicious use of SetThreadContext
