General

  • Target

    585e2bd7813b953c56515e404d8282c8_JaffaCakes118

  • Size

    527KB

  • Sample

    240718-vz15hsyemq

  • MD5

    585e2bd7813b953c56515e404d8282c8

  • SHA1

    2afe3b9a31597215619cb8b3cb27d67051bd3d86

  • SHA256

    a872b928e824a4c6ca1f3fadbc01c2645e31e4d0774401fa8e4a8e7da6d3d366

  • SHA512

    038309e03c10e4df4f6340fa71bbd05236be5cddc84f45cf502f39cd364b8f10661060b297b9ac2ae3983da2551087db699922a25075aba5309ac949b7ca1873

  • SSDEEP

    12288:5IASBxcIe6NImzQRpLU+I0dgbdUwkfkwIVyLmg/T9cCU3:5IAsSSEDA7VykwIELTWCM

Malware Config

Targets

    • Target

      585e2bd7813b953c56515e404d8282c8_JaffaCakes118

    • Size

      527KB

    • MD5

      585e2bd7813b953c56515e404d8282c8

    • SHA1

      2afe3b9a31597215619cb8b3cb27d67051bd3d86

    • SHA256

      a872b928e824a4c6ca1f3fadbc01c2645e31e4d0774401fa8e4a8e7da6d3d366

    • SHA512

      038309e03c10e4df4f6340fa71bbd05236be5cddc84f45cf502f39cd364b8f10661060b297b9ac2ae3983da2551087db699922a25075aba5309ac949b7ca1873

    • SSDEEP

      12288:5IASBxcIe6NImzQRpLU+I0dgbdUwkfkwIVyLmg/T9cCU3:5IAsSSEDA7VykwIELTWCM

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks