General
-
Target
b46729074b73bc84457b30bebda8f537_JaffaCakes118
-
Size
107KB
-
Sample
241130-csyfya1rek
-
MD5
b46729074b73bc84457b30bebda8f537
-
SHA1
c65c078428bb3e2da04bc9b7da72f179a3e0e94d
-
SHA256
de0186a8e6eba22419458f5f174ff1d58ebd999d2e00353027b53d68db233fe9
-
SHA512
14c634caabf5c4b879c21252acc272f3285812ea95ae21599176cca6de3ea894646b65f39d403795e7139cd501661e2cc7351c615076343d3562207de5a22d64
-
SSDEEP
1536:vSRKvgtx1lr6an/Tz2vm2FuQUy58XuSbCV6jmy5XXuSbCV6jXow:vSRKI732z58DDd5XDDXow
Malware Config
Targets
-
-
Target
b46729074b73bc84457b30bebda8f537_JaffaCakes118
-
Size
107KB
-
MD5
b46729074b73bc84457b30bebda8f537
-
SHA1
c65c078428bb3e2da04bc9b7da72f179a3e0e94d
-
SHA256
de0186a8e6eba22419458f5f174ff1d58ebd999d2e00353027b53d68db233fe9
-
SHA512
14c634caabf5c4b879c21252acc272f3285812ea95ae21599176cca6de3ea894646b65f39d403795e7139cd501661e2cc7351c615076343d3562207de5a22d64
-
SSDEEP
1536:vSRKvgtx1lr6an/Tz2vm2FuQUy58XuSbCV6jmy5XXuSbCV6jXow:vSRKI732z58DDd5XDDXow
Score10/10-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1