General
- Target: a3b714a52b4b44e4059af4818bd1593a_JaffaCakes118
- Size: 952KB
- Sample: 240817-xglcfs1ckb
- MD5: a3b714a52b4b44e4059af4818bd1593a
- SHA1: e2e0d2418fa8e93bd6d4fbd304e49e0174f3978a
- SHA256: c26da3a1ed4058696f6276b75e50c7c7f5ec679f2567390bbdbbcbf5aff595ab
- SHA512: 6deeefc3a22024402ad9c2360fc07a2bc28b79186ab5caf9f30fa210ddfd2c713a9944c1eca7165afc0129ad414a32cc34738eaea853d80e3f9efa8e853e0d46
- SSDEEP: 12288:ca7+7rGNrkty0fkhAlmvR7rGNrkty0fkhAMmt:cjErmyFAeRErmyFA3
Behavioral task
- behavioral1
- Sample: a3b714a52b4b44e4059af4818bd1593a_JaffaCakes118.exe
- Resource: win7-20240705-en
Malware Config
- Extracted family: xtremerat
- C2 host: atjeorlife.no-ip.biz (a No-IP dynamic DNS hostname, so the resolved address can change over time; block or monitor the hostname rather than a single IP)
Targets
- Target: a3b714a52b4b44e4059af4818bd1593a_JaffaCakes118
- Size: 952KB
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key under Active Setup on the local machine; the component's StubPath command is executed once for each user at logon.
- Adds Run key to start application
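The two persistence mechanisms flagged above can be checked on a host directly. The following PowerShell triage script is an added example, not part of the sandbox report and not the sample's own code: it enumerates every Active Setup Installed Components entry that carries a StubPath and every value under the Run/RunOnce keys in both hives, then marks any command whose executable does not live under the Windows or Program Files directories. The "trusted roots" heuristic and the output shape are my assumptions; the registry paths are the standard Windows locations.

```powershell
# Added example (not from the sandbox report): list Active Setup StubPath entries
# and Run/RunOnce values, flagging commands that resolve outside trusted roots.
# The trusted-root heuristic is an assumption; tune it for your environment.

$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)})

function Get-CommandPath {
    param([string]$Command)
    # Strip arguments: keep the quoted token, or else the first whitespace-delimited token.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Test-Suspicious {
    param([string]$Path)
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    foreach ($root in $trustedRoots) {
        if ($root -and $expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            return $false
        }
    }
    return $true
}

$findings = @()

# 1. Active Setup: each Installed Components subkey with a StubPath is run once per
#    user at logon (Windows records completion under the same path in HKCU).
$activeSetupKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
foreach ($hive in $activeSetupKeys) {
    Get-ChildItem -Path $hive -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).StubPath
        if ($stub) {
            $findings += [pscustomobject]@{
                Source  = 'ActiveSetup'
                Key     = $_.PSChildName
                Command = $stub
                Suspect = Test-Suspicious (Get-CommandPath $stub)
            }
        }
    }
}

# 2. Run / RunOnce keys in both hives (run at every logon for the user or machine).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |   # drop PowerShell's provider metadata
        ForEach-Object {
            $findings += [pscustomobject]@{
                Source  = 'RunKey'
                Key     = "$key\$($_.Name)"
                Command = [string]$_.Value
                Suspect = Test-Suspicious (Get-CommandPath ([string]$_.Value))
            }
        }
}

$findings | Sort-Object Suspect -Descending | Format-Table -AutoSize
```

Run it in an elevated session so HKLM is fully readable. A path under the user profile, %TEMP% or %APPDATA% showing up as an Active Setup StubPath is the pattern the sandbox signature above is describing; legitimate Active Setup components (Internet Explorer, Windows Media Player, themes) all point into the Windows directory.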
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 2
  - Active Setup (T1547.014): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 2
  - Active Setup (T1547.014): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1