General
-
Target
615980974c3cd0617493683e879293a4_JaffaCakes118
-
Size
75KB
-
Sample
241020-kqgz6s1enn
-
MD5
615980974c3cd0617493683e879293a4
-
SHA1
5059f260284f55c869b7ec4d2b6cc1875f66b422
-
SHA256
fcbf515ddd19f888f892cddbebfab9d9c666d2eb4afde374fee8d1128cf89d3a
-
SHA512
bb5ef9a1e8710a3b38f3b6d908cb46f10aa7831108bd1c169da3de427d440907d924635e47ec2eb8eb663e1ad4246d952fa2d77aecedc2abd2ae863e58daf31c
-
SSDEEP
768:kE9hghdN12Ozhiow2Gkm6+c3/6tzo0qZOp69AwR:ku+zMOlw2GkmS3ytoW+z
Behavioral task
behavioral1
Sample
615980974c3cd0617493683e879293a4_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)