General

  • Target

    6017ffd3d9f1384de87181a6188dfc8f_JaffaCakes118

  • Size

    170KB

  • Sample

    240720-mc639axfpn

  • MD5

    6017ffd3d9f1384de87181a6188dfc8f

  • SHA1

    42a91366eb0690d8a75fa85ba7014c396bae96ca

  • SHA256

    6694b408ab6915f466aec0b4d3c5a3cac1ba415b60f4b8f5622b5500d551dbb1

  • SHA512

    dfa4c4c2483327d51ae3895c468ee0a876e8eb233829040910a284be91e420f3134b3d51a692104f8b26c77a861cd7d096c8a6810199cf64c777a17553f43d5c

  • SSDEEP

    3072:TKEKmrDUskUVIKkAX/0L0rZmm1sJmvxHfi/R1+aJe1mgawzxsBub861jIHxownLj:TKE5IIL7JnYRUTV5nLrQLulIGsZ

Malware Config

Targets

    • Target

      6017ffd3d9f1384de87181a6188dfc8f_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks