General

  • Target

    621e48696f3f12dd2636d7631c438912_JaffaCakes118

  • Size

    743KB

  • Sample

    240722-a691sawbrp

  • MD5

    621e48696f3f12dd2636d7631c438912

  • SHA1

    546163c28baddab9edff519d5095f38896e51eb7

  • SHA256

    776fa37820b88590edcff47281c8492d62df4604e8c7d737bd62a7c18fe8c509

  • SHA512

    a0516edb9a23663f60889e815ad6991ba9bf5d257c1f5b68cc5baa595326463141b4d0f0fbb9b4108e333fcc68bb9dc3e9ce729eed94f059c183d60b141fa9ba

  • SSDEEP

    12288:q1jf/p9Rw0/QwBKzXR+Ye0tQo3IxDrbJtQoidjUxej0xB2EVSszrdjJYHVigiuv+:qF/pLw+nQBeo36rbJtQvVQ2WSQ98a3ui

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks