General
-
Target
73d8c52be592c824feba5972f2cf667c_JaffaCakes118
-
Size
104KB
-
Sample
241024-p7y28sscpr
-
MD5
73d8c52be592c824feba5972f2cf667c
-
SHA1
019fc0384b4ebb1b6827e4bca059bace76b4d32b
-
SHA256
207a05af8f582c537534cb791a813e42791511c00938e5bf52ade2cbe225394a
-
SHA512
c9b7e9c5a32fb184b6287d9ab226141712e964bb11f85e0fb002f81e6a31e4b90788877e8dc8699eb66781e25579b5343756078acad83980cbd3f8b25506d2e2
-
SSDEEP
1536:e2ghaZcYZqJC3xdTOuWrdhoh8SHtNeuH21OfyerBjxwX:eHaZ0JKZWxhPSNNMOfbBo
Static task
static1
Behavioral task
behavioral1
Sample
73d8c52be592c824feba5972f2cf667c_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
xtremerat
|bahoz.no-ip.biz
Targets
-
-
Target
73d8c52be592c824feba5972f2cf667c_JaffaCakes118
-
Size
104KB
-
MD5
73d8c52be592c824feba5972f2cf667c
-
SHA1
019fc0384b4ebb1b6827e4bca059bace76b4d32b
-
SHA256
207a05af8f582c537534cb791a813e42791511c00938e5bf52ade2cbe225394a
-
SHA512
c9b7e9c5a32fb184b6287d9ab226141712e964bb11f85e0fb002f81e6a31e4b90788877e8dc8699eb66781e25579b5343756078acad83980cbd3f8b25506d2e2
-
SSDEEP
1536:e2ghaZcYZqJC3xdTOuWrdhoh8SHtNeuH21OfyerBjxwX:eHaZ0JKZWxhPSNNMOfbBo
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1