General
Target: c15a97e372086d47aec3a27589dd151e_JaffaCakes118
Size: 165KB
Sample: 240825-xge6fa1akn
MD5: c15a97e372086d47aec3a27589dd151e
SHA1: 652f5ecbd67f4eac19848700c368c1102f7b91f0
SHA256: eed4a413763b7a54a5b66b7640e05fea4f76c59f8fdf4302b2bad7b20e974e73
SHA512: be2dd2dbc01bb1db52ac9bcc1022a46a69ce2ea50ba3f54d1477dcd32e773de161e6ea5b2952e3c4ccddd8d681c94dfbade70209f9f4f56f49bef11bacd9e1cd
SSDEEP: 3072:fpCu9NrTll4O/y6vO1OWFWACZ+7bbHYsYnAnffmYwSj/iMjubHoH:RTPAXX7YEfOYw2iTbHk
Static task: static1
Behavioral task: behavioral1
Sample: c15a97e372086d47aec3a27589dd151e_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: c15a97e372086d47aec3a27589dd151e_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)