General

  • Target

    5a20504cee20faa9b49cc17601a028f5_JaffaCakes118

  • Size

    111KB

  • Sample

    240719-c49y4ssbla

  • MD5

    5a20504cee20faa9b49cc17601a028f5

  • SHA1

    f542fc73657ffd41ac5958e84a07115bf336c6d3

  • SHA256

    7b549fb19246fd999a7781dd854b9a4325adcac1bb158b9043519a0cebaffd10

  • SHA512

    2a22fc88da4b963c06b9ed0561cf42cd8935581e7a31857aaa806bd02d10d1791e155014e58576a0db227e8090578ca50765d8cc4b10a802205eb50494afdddc

  • SSDEEP

    1536:gZW7LhSyuZh5IZpScr01+ga3XVMWB9fMcqhyLFkr/nyTkBXQmbUmb6:gkLcoScg1banKdBkZkr/nfBXQqUW6

Malware Config

Targets

    • Target

      5a20504cee20faa9b49cc17601a028f5_JaffaCakes118

    • Size

      111KB

    • MD5

      5a20504cee20faa9b49cc17601a028f5

    • SHA1

      f542fc73657ffd41ac5958e84a07115bf336c6d3

    • SHA256

      7b549fb19246fd999a7781dd854b9a4325adcac1bb158b9043519a0cebaffd10

    • SHA512

      2a22fc88da4b963c06b9ed0561cf42cd8935581e7a31857aaa806bd02d10d1791e155014e58576a0db227e8090578ca50765d8cc4b10a802205eb50494afdddc

    • SSDEEP

      1536:gZW7LhSyuZh5IZpScr01+ga3XVMWB9fMcqhyLFkr/nyTkBXQmbUmb6:gkLcoScg1banKdBkZkr/nfBXQqUW6

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks