General
- Target: a631126865d72e0043308cc884d771ec_JaffaCakes118
- Size: 243KB
- Sample: 240818-k4xb1swfnc
- MD5: a631126865d72e0043308cc884d771ec
- SHA1: d33a9bde06fb5a5c2d78a1879cbd9cef39f652a5
- SHA256: c3209cd12c0fa82a4184ed62118446f50213df386b2b925708eae4514f16f736
- SHA512: 153d0d210c205dfd6b1f25d02d4c9c10ada0f837030b91604a06ac3428dc93f6c9784d355ee3bd24a1090d60f4a1b561dc3953e30fc96edacae5b0be8c2daedf
- SSDEEP: 3072:XFd2Afoka0uMMGYmKlMCJ+UrxkCkK9a7+Z3wCYdj8vK1HDvhk1eSkDyfCnewUmGS:1jQwuYKs7M3jvEu1nkaCneT3NmEQd
Static task
- static1

Behavioral task
- behavioral1
  - Sample: a631126865d72e0043308cc884d771ec_JaffaCakes118.exe
  - Resource: win7-20240729-en

Behavioral task
- behavioral2
  - Sample: a631126865d72e0043308cc884d771ec_JaffaCakes118.exe
  - Resource: win10v2004-20240802-en
Malware Config
Extracted
- xtremerat
- umtakcicek.dyndns.org
Targets
- Target: a631126865d72e0043308cc884d771ec_JaffaCakes118
- Size: 243KB
- MD5: a631126865d72e0043308cc884d771ec
- SHA1: d33a9bde06fb5a5c2d78a1879cbd9cef39f652a5
- SHA256: c3209cd12c0fa82a4184ed62118446f50213df386b2b925708eae4514f16f736
- SHA512: 153d0d210c205dfd6b1f25d02d4c9c10ada0f837030b91604a06ac3428dc93f6c9784d355ee3bd24a1090d60f4a1b561dc3953e30fc96edacae5b0be8c2daedf
- SSDEEP: 3072:XFd2Afoka0uMMGYmKlMCJ+UrxkCkK9a7+Z3wCYdj8vK1HDvhk1eSkDyfCnewUmGS:1jQwuYKs7M3jvEu1nkaCneT3NmEQd
Score: 10/10

Signatures
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)