General
-
Target
ff683cbb46b84393f3862761ae8086ae_JaffaCakes118
-
Size
204KB
-
Sample
240929-2g86qsxekg
-
MD5
ff683cbb46b84393f3862761ae8086ae
-
SHA1
8b8f860d76694cefbd1dcbfdb6c23fce72074cf8
-
SHA256
3122f8723f95ac0f59cb32083e7c57c216ae2912ec324a13f86b10366d5dd85e
-
SHA512
b22181097c597a82f7f3524c270c6f8674567f29b3d8e944cba388d7060497a977da6dff5ee809da9093609d6c63fa49da7becc9beb9069ee115c78159eeb347
-
SSDEEP
3072:CrPY2zbiv6xSxtc8eHsnuREpbFIV8PH17+95e9+CgHlCluGO2KOSLgk5yGqO3N:CrPY2zbiSxe2/EpBIeH17LvOeKRqaN
Malware Config
Targets
-
-
Target
ff683cbb46b84393f3862761ae8086ae_JaffaCakes118
-
Size
204KB
-
MD5
ff683cbb46b84393f3862761ae8086ae
-
SHA1
8b8f860d76694cefbd1dcbfdb6c23fce72074cf8
-
SHA256
3122f8723f95ac0f59cb32083e7c57c216ae2912ec324a13f86b10366d5dd85e
-
SHA512
b22181097c597a82f7f3524c270c6f8674567f29b3d8e944cba388d7060497a977da6dff5ee809da9093609d6c63fa49da7becc9beb9069ee115c78159eeb347
-
SSDEEP
3072:CrPY2zbiv6xSxtc8eHsnuREpbFIV8PH17+95e9+CgHlCluGO2KOSLgk5yGqO3N:CrPY2zbiSxe2/EpBIeH17LvOeKRqaN
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1