Overview

overview

10

Static

static

3

96a865f4e3...18.exe

windows7-x64

10

96a865f4e3...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96a865f4e3bf64190538406a69ecde25_JaffaCakes118

  • Size

    176KB

  • Sample

    241124-xtny4szrcp

  • MD5

    96a865f4e3bf64190538406a69ecde25

  • SHA1

    3f9357f1ddcb84de90aa79bde0ebf7bc1817dc97

  • SHA256

    900a8220457194571af73dee187f7f891060788a2a44777ff7e02ccf7ef393ed

  • SHA512

    e523228ad94faa19bfe8a5f090ab78403bfe7a5a4b791ff4c8dedbcc69fa475d399e74aac222241eb6d756d6eff89c86ec25473df6070df9f16740f68c53af0d

  • SSDEEP

    3072:Box+1aE004Hyscz+1458zAcMXmjtBzcf8pi:k+fEnczLuM2jty

Score
10/10
xtremeratbootkitdiscoverypersistenceratspywareupx

Malware Config

Targets

    • Target

      96a865f4e3bf64190538406a69ecde25_JaffaCakes118

    • Size

      176KB

    • MD5

      96a865f4e3bf64190538406a69ecde25

    • SHA1

      3f9357f1ddcb84de90aa79bde0ebf7bc1817dc97

    • SHA256

      900a8220457194571af73dee187f7f891060788a2a44777ff7e02ccf7ef393ed

    • SHA512

      e523228ad94faa19bfe8a5f090ab78403bfe7a5a4b791ff4c8dedbcc69fa475d399e74aac222241eb6d756d6eff89c86ec25473df6070df9f16740f68c53af0d

    • SSDEEP

      3072:Box+1aE004Hyscz+1458zAcMXmjtBzcf8pi:k+fEnczLuM2jty

    Score
    10/10
    xtremeratbootkitdiscoverypersistenceratspywareupx

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Xtremerat family

      xtremerat

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks