Overview

overview

10

Static

static

3

b9d6b50884...18.exe

windows7-x64

10

b9d6b50884...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b9d6b508843d8ee4538e3012bd771314_JaffaCakes118

  • Size

    662KB

  • Sample

    241202-ybv55svmhr

  • MD5

    b9d6b508843d8ee4538e3012bd771314

  • SHA1

    1346c848dd23633f2779e59204267455857c1881

  • SHA256

    640647c101b1400e60bd579be1b829cdab7b431c18d14946d85032ab2f99566e

  • SHA512

    89ee46028def0403efe63878f38b3a23e184ddd1b509a97cf39ef044aa96243b0e0bd9526a2d0941be676868e35400caf2bf7de4b692c3bdcfdfe1823b747de6

  • SSDEEP

    12288:w9tLCL2McWmsDe5xAi1Pu3/Th12Avux7WK+O8GapLrpzL:w9ts2MbmsSHAycaQuxyKXhapLrpzL

Score
10/10
xtremeratdiscoverypersistenceratspywareupx

Malware Config

Targets

    • Target

      b9d6b508843d8ee4538e3012bd771314_JaffaCakes118

    • Size

      662KB

    • MD5

      b9d6b508843d8ee4538e3012bd771314

    • SHA1

      1346c848dd23633f2779e59204267455857c1881

    • SHA256

      640647c101b1400e60bd579be1b829cdab7b431c18d14946d85032ab2f99566e

    • SHA512

      89ee46028def0403efe63878f38b3a23e184ddd1b509a97cf39ef044aa96243b0e0bd9526a2d0941be676868e35400caf2bf7de4b692c3bdcfdfe1823b747de6

    • SSDEEP

      12288:w9tLCL2McWmsDe5xAi1Pu3/Th12Avux7WK+O8GapLrpzL:w9ts2MbmsSHAycaQuxyKXhapLrpzL

    Score
    10/10
    xtremeratdiscoverypersistenceratspywareupx

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Xtremerat family

      xtremerat

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks