General
- Target: a69c3618aaf363b55138f9a49c0e6e95_JaffaCakes118
- Size: 204KB
- Sample: 240818-nmtrca1hnf
- MD5: a69c3618aaf363b55138f9a49c0e6e95
- SHA1: 2d8d112036dd88936136c230f5d01d5c5d28583c
- SHA256: ea6d1c2f2c8ea487bdafb2f6500c8f287b9911a57c352b43959ab4ee5de31c0e
- SHA512: c89bb8287af2bfead9739b9b71f0e00fdb2cfe234b0741f16cd69094b50c1788b4895b09855fdc6f0b0ffd41a1d08622b2c2f76a48cf397f70bb35e101fe8a1c
- SSDEEP: 1536:3DYqvv31W+yguAiQ/cBJWumC7ZRtSjGN46XdJBm/V+nyBSuB456HbIanHya08g:/NlfiQUShCHJUdyvuBjMaHy1R
Static task: static1
Behavioral task: behavioral1
- Sample: a69c3618aaf363b55138f9a49c0e6e95_JaffaCakes118.exe
- Resource: win7-20240708-en
Malware Config
Extracted:
- xtremerat
- tnx2x.no-ip.biz
Targets
- Target: a69c3618aaf363b55138f9a49c0e6e95_JaffaCakes118
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)