General

  • Target

    5f3e286a16ca52c8b87584b30a926bd2_JaffaCakes118

  • Size

    62KB

  • Sample

    240720-gex1gasdlh

  • MD5

    5f3e286a16ca52c8b87584b30a926bd2

  • SHA1

    6940256aa6547c9305d56ebf391c4f968ca77936

  • SHA256

    6a7753bbd7783922436f095e7d7033ead4b227b94715f2023fd275333633b4a8

  • SHA512

    a46e9a20422cd73d8a6c1b99f32056c00a484d4719c57531332d4b39023e0c8e1cb39f41dc099a8ec439324a1428f5f94c1a12aef5ec6db95d4514cd14c3eb32

  • SSDEEP

    1536:jzTVANrFutvJIqiZ3ekex5zo3hrhF9N/8VTxAgQ9:LVANRqv23eV503hH/oTxAH9

Malware Config

Targets

    • Target

      5f3e286a16ca52c8b87584b30a926bd2_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

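The two persistence signatures above (Active Setup and a Run key) and the "Drops file in System32 directory" signature all leave traces in the registry and filesystem of an infected host, so they can be hunted for after the fact. The script below is an added example for this report, not code from the sandbox or from the XtremeRAT author; the report does not list the specific key names or StubPath/Run values this sample writes, so the script enumerates the whole locations and flags entries whose target is missing, unsigned, recently created in System32, or sitting in a user-writable directory. The 7-day window and the path patterns are assumptions chosen for illustration. "Suspicious use of SetThreadContext" is a runtime behaviour (the call that redirects a suspended thread's entry point in process hollowing) and is not covered by a registry check.

```powershell
# Added example: hunt the registry persistence locations named in the sandbox report.
# Not from the report or the XtremeRAT author. Run in an elevated PowerShell on the
# suspect Windows host. Thresholds and path patterns below are assumptions.

$findings = New-Object System.Collections.Generic.List[object]

function Test-Suspicious {
    param([string]$Command, [string]$Location, [string]$Name)
    # Pull the executable out of the command line (quoted or first token), expand %vars%.
    $exe = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] } else { ($Command -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    $reasons = @()
    if (-not (Test-Path -LiteralPath $exe)) {
        $reasons += 'target missing'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
        if ($exe -like "$env:SystemRoot\System32\*") {
            # "Drops file in System32 directory": a freshly created binary there is the
            # thing to inspect, not a long-standing Windows component.
            $age = (Get-Date) - (Get-Item -LiteralPath $exe).CreationTime
            if ($age.TotalDays -lt 7) { $reasons += 'created in System32 within 7 days (assumed window)' }
        }
    }
    if ($exe -match '\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\') { $reasons += 'user-writable path' }
    if ($reasons) {
        $findings.Add([pscustomobject]@{
            Location = $Location; Name = $Name; Command = $Command; Reasons = ($reasons -join '; ')
        })
    }
}

# 1. Active Setup (ATT&CK T1547.014). Each Installed Components subkey's StubPath runs
#    at user logon whenever the HKLM component's Version is newer than, or absent from,
#    the per-user copy under HKCU. Check both hives and the WOW6432Node view.
$activeSetupKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components',
    'HKCU:\SOFTWARE\Microsoft\Active Setup\Installed Components'
)
foreach ($base in $activeSetupKeys) {
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if ($props.StubPath) {
            Test-Suspicious -Command $props.StubPath -Location $base -Name $_.PSChildName
        }
    }
}

# 2. Run / RunOnce keys (ATT&CK T1547.001), machine and current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    # Skip the PS* metadata properties Get-ItemProperty adds; everything else is a value.
    $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
        Test-Suspicious -Command ([string]$_.Value) -Location $key -Name $_.Name
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Run it against a known-clean build of the same image first: vendor installers and Windows itself populate Active Setup, so the useful signal is an entry that is absent from the baseline, unsigned, or pointing at a file whose creation time matches the infection window. An entry the script flags as "target missing" is also worth keeping, since a failed cleanup often leaves the key behind while the dropped file is gone.
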
MITRE ATT&CK Enterprise v15

Tasks