General
-
Target
7e7e0caa0b46e9f784398b22b8405807_JaffaCakes118
-
Size
549KB
-
Sample
241030-keclbaykgz
-
MD5
7e7e0caa0b46e9f784398b22b8405807
-
SHA1
2cd255ebc6e5ed4b37a3c172a920e33309012226
-
SHA256
dee59bc1ac006a053dd43ce57526e405e110d738e33a7f83a74ec7bfa92c2add
-
SHA512
0bd0c2640c0c3bb3e5abac98a90231402d04940cd14fb00801e29581ed5252593ad8889148590b28aa8b79390aa828283ecdf248ad42592cc0cfd31cf613322b
-
SSDEEP
12288:M7jRcObs22o6w7Jvgb89cqpZEsSS/DjC4eRJUiZ8TzZ16:dyywUAQuWR+dTzG
Malware Config
Targets
-
-
Target
7e7e0caa0b46e9f784398b22b8405807_JaffaCakes118
-
Size
549KB
-
MD5
7e7e0caa0b46e9f784398b22b8405807
-
SHA1
2cd255ebc6e5ed4b37a3c172a920e33309012226
-
SHA256
dee59bc1ac006a053dd43ce57526e405e110d738e33a7f83a74ec7bfa92c2add
-
SHA512
0bd0c2640c0c3bb3e5abac98a90231402d04940cd14fb00801e29581ed5252593ad8889148590b28aa8b79390aa828283ecdf248ad42592cc0cfd31cf613322b
-
SSDEEP
12288:M7jRcObs22o6w7Jvgb89cqpZEsSS/DjC4eRJUiZ8TzZ16:dyywUAQuWR+dTzG
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1