General

  • Target

    5f8892d7d84773f3c53187e2737df189_JaffaCakes118

  • Size

    188KB

  • Sample

    240720-h458tasapm

  • MD5

    5f8892d7d84773f3c53187e2737df189

  • SHA1

    f0024dc0a59afb0929a96f1ff8f8b6c9b166dbeb

  • SHA256

    1cc1e551908272f70fc40bdfa035df3c546a8495c84cd55c2ed1e64579da39c9

  • SHA512

    0de13eb614ff96a22079a394fc65db4b6f9df6517130a8fa18fac2c526702c58953a0ce32a2b51d32d5fb1e42acb54c3a1f7612622eefe05c420fcd28849a9c6

  • SSDEEP

    3072:mNw+O2cVvUGZ76l/sIz/fnCfQU8b17KDCmPeiAxOfJFc5OoVuwYJ6ZgCkojWj1yc:v+OjVjul/l/fCfiJ7SPeiqguruNJZzoC
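To confirm that a file on disk is the sample this report describes, recompute all four digests and compare them with the values listed above; a match on every algorithm is the check, a match on MD5 alone is not (MD5 collisions are practical). The following Python is an added example, not part of the sandbox report. It assumes only the hash values from the General section; the empty-byte input used in the self-check is constructed and is not the sample.

```python
"""Verify a file against the hashes listed in this report.

Added example (not part of the original sandbox report). Recomputes MD5, SHA1,
SHA256 and SHA512 with hashlib and compares each with the report's value.
"""
import hashlib
import hmac

# Indicators copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "5f8892d7d84773f3c53187e2737df189",
    "sha1": "f0024dc0a59afb0929a96f1ff8f8b6c9b166dbeb",
    "sha256": "1cc1e551908272f70fc40bdfa035df3c546a8495c84cd55c2ed1e64579da39c9",
    "sha512": "0de13eb614ff96a22079a394fc65db4b6f9df6517130a8fa18fac2c526702c58953a0ce32a2b51d32d5fb1e42acb54c3a1f7612622eefe05c420fcd28849a9c6",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return hex digests of an in-memory blob for all four algorithms."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers so large samples need not be loaded whole."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: dict, expected: dict = REPORT_HASHES) -> dict:
    """Compare computed digests with the report's values, algorithm by algorithm.

    hmac.compare_digest keeps the comparison constant-time; that matters little for
    offline triage but costs nothing. Returns {algorithm: bool}.
    """
    return {
        name: hmac.compare_digest(digests.get(name, "").lower(), value.lower())
        for name, value in expected.items()
    }


def is_reported_sample(path) -> bool:
    """True only if every digest of the file equals the report's value."""
    return all(match_report(hash_file(path)).values())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "MATCH" if is_reported_sample(p) else "no match", match_report(hash_file(p)))
```

Run it as `python verify.py suspect.bin`; a partial match (for example MD5 only) should be treated as a different file, not as the reported sample.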

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was written in Delphi by xtremecoder and has been available since at least 2010.

    • Disables Task Manager via registry modification

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
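The signatures above correspond to concrete host artefacts that can be matched from a sandbox event log: a DisableTaskMgr value under the Policies\System key, a new value under CurrentVersion\Run, and SetThreadContext called against a thread of a process the caller has just written into. The Python below is an added example, not the sandbox's own signature engine or any code from the sample. The event record format, the field names, and the heuristic used for "suspicious" SetThreadContext (WriteProcessMemory into another process followed by SetThreadContext on it, the classic hollowing sequence) are assumptions; the event list is constructed and is not from the real run.

```python
"""Flag three of this report's signatures from a sandbox-style event stream.

Added example, not the sandbox's own signature logic. Each event is a dict
with a "type" of "regwrite" (key, name, value) or "api" (pid, api, target_pid);
this shape is an assumption about the sandbox's export format.
"""
import re

# Key suffixes, matched case-insensitively so HKCU/HKLM and casing variants both hit.
POLICIES_SYSTEM_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", re.I)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)

SIG_TASKMGR = "Disables Task Manager via registry modification"
SIG_RUNKEY = "Adds Run key to start application"
SIG_SETTHREADCONTEXT = "Suspicious use of SetThreadContext"


def detect_registry(events):
    """Return sorted signature names triggered by registry-write events."""
    hits = set()
    for ev in events:
        if ev.get("type") != "regwrite":
            continue
        key, name, value = ev["key"], ev.get("name", ""), ev.get("value")
        # DisableTaskMgr=1 is what actually blocks taskmgr.exe; a write of 0 re-enables it.
        if POLICIES_SYSTEM_RE.search(key) and name.lower() == "disabletaskmgr" and value in (1, "1"):
            hits.add(SIG_TASKMGR)
        # Any value under Run/RunOnce is a persistence entry regardless of its name.
        if RUN_KEY_RE.search(key):
            hits.add(SIG_RUNKEY)
    return sorted(hits)


def detect_set_thread_context(events):
    """Flag SetThreadContext on a remote process the caller previously wrote into.

    Assumption: this caller-writes-then-redirects-execution pattern is what makes
    the call suspicious; SetThreadContext on the caller's own threads is ignored.
    """
    written = set()  # (caller_pid, target_pid) pairs seen in WriteProcessMemory
    hits = []
    for ev in events:
        if ev.get("type") != "api":
            continue
        caller, target = ev["pid"], ev.get("target_pid")
        if ev["api"] == "WriteProcessMemory" and target not in (None, caller):
            written.add((caller, target))
        elif ev["api"] == "SetThreadContext" and (caller, target) in written:
            hits.append({"pid": caller, "target_pid": target})
    return hits


def analyse(events):
    """Combine both detectors into the list of signature names that fired."""
    sigs = detect_registry(events)
    if detect_set_thread_context(events):
        sigs.append(SIG_SETTHREADCONTEXT)
    return sigs


# Constructed events resembling what this report describes; not from the real run.
SAMPLE_EVENTS = [
    {"type": "api", "pid": 1000, "api": "CreateProcessW", "target_pid": 1200, "flags": "CREATE_SUSPENDED"},
    {"type": "api", "pid": 1000, "api": "WriteProcessMemory", "target_pid": 1200},
    {"type": "api", "pid": 1000, "api": "SetThreadContext", "target_pid": 1200},
    {"type": "api", "pid": 1000, "api": "ResumeThread", "target_pid": 1200},
    {"type": "regwrite", "pid": 1200,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "name": "DisableTaskMgr", "value": 1},
    {"type": "regwrite", "pid": 1200,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "updater", "value": r"C:\Users\user\AppData\Roaming\updater.exe"},
    # A process setting the context of its own thread is not flagged.
    {"type": "api", "pid": 1200, "api": "SetThreadContext", "target_pid": 1200},
]

if __name__ == "__main__":
    for sig in analyse(SAMPLE_EVENTS):
        print("HIT:", sig)
```

The registry checks are exact and cheap to run over a real export; the SetThreadContext heuristic is deliberately narrow (it requires a prior cross-process write) so that debuggers and legitimate tooling calling SetThreadContext on their own threads do not trigger it.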

MITRE ATT&CK Enterprise v15

Tasks