General
-
Target
b2c466baa06ed734c900ebb204443bab_JaffaCakes118
-
Size
492KB
-
Sample
241129-vzprgsslhl
-
MD5
b2c466baa06ed734c900ebb204443bab
-
SHA1
5e4fc6b1987be9ed5c415422323c258430aab4cb
-
SHA256
c70510202c462ace65b2ebd8a8f6a18bd4ce1837c8969b0cca5f4e15da91234b
-
SHA512
614013c91fe4e0a6d7ffb979bb1df8f6a9b5bda948ca3f272729153331f7cda57bb17181371811b9d2838c197d82dc11b65a919078d9ce0916e33637a84931ee
-
SSDEEP
12288:jUeogh3M90xFJGJ1F2g5IR/hv5QfUEv5vQ/NTkcGetZj7Flpp0w+7/FDryK+fv3H:jTsF2g5IR/hv5QfUEv5vQ/NTkcGetZj9
Malware Config
Targets
-
-
Target
b2c466baa06ed734c900ebb204443bab_JaffaCakes118
-
Size
492KB
-
MD5
b2c466baa06ed734c900ebb204443bab
-
SHA1
5e4fc6b1987be9ed5c415422323c258430aab4cb
-
SHA256
c70510202c462ace65b2ebd8a8f6a18bd4ce1837c8969b0cca5f4e15da91234b
-
SHA512
614013c91fe4e0a6d7ffb979bb1df8f6a9b5bda948ca3f272729153331f7cda57bb17181371811b9d2838c197d82dc11b65a919078d9ce0916e33637a84931ee
-
SSDEEP
12288:jUeogh3M90xFJGJ1F2g5IR/hv5QfUEv5vQ/NTkcGetZj7Flpp0w+7/FDryK+fv3H:jTsF2g5IR/hv5QfUEv5vQ/NTkcGetZj9
Score10/10-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1