General
-
Target
a51ed15ca6be35fc6ebafe88f6ea0261_JaffaCakes118
-
Size
54KB
-
Sample
240818-df3ess1gne
-
MD5
a51ed15ca6be35fc6ebafe88f6ea0261
-
SHA1
aebf80bfe447fe585f9dc15dcebd991cc67e1552
-
SHA256
f352b7fd1230f49ed8c15325317432c23c0fa117c28fb5dc37c87ce6368ea2ee
-
SHA512
94f83872ea7ec0d1f825b7dddd135696a5bc28de62f815a458708f14a3538b4beab2db97aacd2e624d4ea4498aee5420ee5051b19260895f650c95d32bb8787c
-
SSDEEP
768:YB6yZyR1Oy4BtXX5vrnTY2DjT+zIXX+qQjtyv+KspGefEl8oHNpHLv6jQUi8WeXv:YQO3BtnrDjxatyvZs4bnNhv68D8WeXv
Static task
static1
Behavioral task
behavioral1
Sample
a51ed15ca6be35fc6ebafe88f6ea0261_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a51ed15ca6be35fc6ebafe88f6ea0261_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
xtremerat
djamel.hopto.org
Targets
-
-
Target
a51ed15ca6be35fc6ebafe88f6ea0261_JaffaCakes118
-
Size
54KB
-
MD5
a51ed15ca6be35fc6ebafe88f6ea0261
-
SHA1
aebf80bfe447fe585f9dc15dcebd991cc67e1552
-
SHA256
f352b7fd1230f49ed8c15325317432c23c0fa117c28fb5dc37c87ce6368ea2ee
-
SHA512
94f83872ea7ec0d1f825b7dddd135696a5bc28de62f815a458708f14a3538b4beab2db97aacd2e624d4ea4498aee5420ee5051b19260895f650c95d32bb8787c
-
SSDEEP
768:YB6yZyR1Oy4BtXX5vrnTY2DjT+zIXX+qQjtyv+KspGefEl8oHNpHLv6jQUi8WeXv:YQO3BtnrDjxatyvZs4bnNhv68D8WeXv
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1