General
-
Target
a8f9bc549fdcc41d9e29ca519f7bd41a_JaffaCakes118
-
Size
40KB
-
Sample
240819-bh4drsyfmk
-
MD5
a8f9bc549fdcc41d9e29ca519f7bd41a
-
SHA1
f39843fb2fc1726f1203902f921179720e407f07
-
SHA256
a64fe3098c65a1d39c833e6a405891a8431b8ec5635470ec32166628c8fe4ba2
-
SHA512
8760b2ae873f37e7caa098bc0f05f988d45f5a85fe977df0eea599b430463c2c62ded97da3f1a376c423f044dd854f439e2ee6a8412f7d99a705b1108c9a1406
-
SSDEEP
768:6E9hghdN12Ozhiow2Gkm6+5s/pBzNBwIldvzoA:6u+zMOlw2Gkmrs/BldLoA
Malware Config
Targets
-
-
Target
a8f9bc549fdcc41d9e29ca519f7bd41a_JaffaCakes118
-
Size
40KB
-
MD5
a8f9bc549fdcc41d9e29ca519f7bd41a
-
SHA1
f39843fb2fc1726f1203902f921179720e407f07
-
SHA256
a64fe3098c65a1d39c833e6a405891a8431b8ec5635470ec32166628c8fe4ba2
-
SHA512
8760b2ae873f37e7caa098bc0f05f988d45f5a85fe977df0eea599b430463c2c62ded97da3f1a376c423f044dd854f439e2ee6a8412f7d99a705b1108c9a1406
-
SSDEEP
768:6E9hghdN12Ozhiow2Gkm6+5s/pBzNBwIldvzoA:6u+zMOlw2Gkmrs/BldLoA
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1