General

  • Target

    a3eedfcd12b826e53b2048b93e002d5e_JaffaCakes118

  • Size

    57KB

  • Sample

    240817-yrkpcawhjm

  • MD5

    a3eedfcd12b826e53b2048b93e002d5e

  • SHA1

    624ff28f3e8f9fdafeeb847d0a886521cc876342

  • SHA256

    e720877f4d20ceaf53e96232a30939b531f4fafc1a01b92d84d171ce01679878

  • SHA512

    09ac71fee733bf887c03f068856344ac193df9e9d13ffacaba40476f5109af36a476bbd2f49de50147a0684d0b3b95ca1d9140537bdf81fbdc1f24edf959bcfa

  • SSDEEP

    1536:oTAsDTrEnCTaYyi+F4MI93aToTAgDyc5vYyfWytD1AbmypnTYTTTTTTTTTTTTTTe:CyHuMe3a01xf+kD14ZhiXoR

Malware Config

Targets

    • Target

      a3eedfcd12b826e53b2048b93e002d5e_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks