General

Target: 51dfb4beae08f835be6e890073cf346b_JaffaCakes118
Size: 38KB
Sample: 241017-nhkymsydlq
MD5: 51dfb4beae08f835be6e890073cf346b
SHA1: e5c7db2fa905e4ebf2544071879768ad9ffe7473
SHA256: b51b5eac50f486c856babd92b30dd0b91279ea8640be22d084d2dca8cb31f04c
SHA512: 5c753a8dc0f6dcbcfffecd34c30ca78742cbc6e4c85aaf87bd3ed09e66732f7eed17de55d6084e89b5d2a95f22e9cab4211ba6725d8eb5ab7e7d4620d87f16fd
SSDEEP: 768:RoabwE2lmHw2c9nuvNhXdCtvCBQZzQcmNtOC229l4BmcGbE:RoaMrlm5c9n6NhXISC5V0lymcGY
Behavioral task: behavioral1

Sample: 51dfb4beae08f835be6e890073cf346b_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config

Targets

Target: 51dfb4beae08f835be6e890073cf346b_JaffaCakes118
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)