General
-
Target
73b6b9bac022509c158065e7c8c1a642_JaffaCakes118
-
Size
107KB
-
Sample
240726-mshqlawere
-
MD5
73b6b9bac022509c158065e7c8c1a642
-
SHA1
47ecfd3637832b18a3453a76b3376c624de14185
-
SHA256
095309f279adf0f20628cb44d1b0cfee89a188d9631ff3d56287b17756a1554e
-
SHA512
2e95d9ceb52e2f7d2701f59082c181210fcc219a6200ed9889e58edbcd06d12f5e035fcac781bf4c36d7230ebed0e479b13778a0f1f1480d1a5672dd40634017
-
SSDEEP
1536:vSRKvgtx1lr6an/Tz2vm2FuQUy5XXuSbCVTjmy5XXuSbCV6jXow:vSRKI732z5XD2d5XDDXow
Malware Config
Targets
-
-
Target
73b6b9bac022509c158065e7c8c1a642_JaffaCakes118
-
Size
107KB
-
MD5
73b6b9bac022509c158065e7c8c1a642
-
SHA1
47ecfd3637832b18a3453a76b3376c624de14185
-
SHA256
095309f279adf0f20628cb44d1b0cfee89a188d9631ff3d56287b17756a1554e
-
SHA512
2e95d9ceb52e2f7d2701f59082c181210fcc219a6200ed9889e58edbcd06d12f5e035fcac781bf4c36d7230ebed0e479b13778a0f1f1480d1a5672dd40634017
-
SSDEEP
1536:vSRKvgtx1lr6an/Tz2vm2FuQUy5XXuSbCVTjmy5XXuSbCV6jXow:vSRKI732z5XD2d5XDDXow
Score10/10-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1