General
-
Target
72535075f9d9badf16356d9685a0694b_JaffaCakes118
-
Size
365KB
-
Sample
241024-e4q74swcnq
-
MD5
72535075f9d9badf16356d9685a0694b
-
SHA1
33f0915520b53d0ac678392e04eff3142578ec09
-
SHA256
73686e12bb2418752e07871231b64c34fbe996f810d05a642b066218b385d30a
-
SHA512
84d87272e08aa4caf13fbe988d0d7d33a095fbb3750cdf2a0cbd647c08bc64378a6875e4aa7bb87fc8658f1f929bdc4a356e3a3f147766dc31fc69824ffe8648
-
SSDEEP
6144:SwRqy7KFKYkUikWzfcIWubtI7IWsf8bQvC5JjBzxcJsq53TEE2xdt3hLXIh/G3Sv:SwR37KMYk1tWubtI7I/8bQapFcJsu3o0
Malware Config
Targets
-
-
Target
72535075f9d9badf16356d9685a0694b_JaffaCakes118
-
Size
365KB
-
MD5
72535075f9d9badf16356d9685a0694b
-
SHA1
33f0915520b53d0ac678392e04eff3142578ec09
-
SHA256
73686e12bb2418752e07871231b64c34fbe996f810d05a642b066218b385d30a
-
SHA512
84d87272e08aa4caf13fbe988d0d7d33a095fbb3750cdf2a0cbd647c08bc64378a6875e4aa7bb87fc8658f1f929bdc4a356e3a3f147766dc31fc69824ffe8648
-
SSDEEP
6144:SwRqy7KFKYkUikWzfcIWubtI7IWsf8bQvC5JjBzxcJsq53TEE2xdt3hLXIh/G3Sv:SwR37KMYk1tWubtI7I/8bQapFcJsu3o0
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1