General

  • Target

    c312d603d8c7db98185b108ba0923f93_JaffaCakes118

  • Size

    1.5MB

  • Sample

    241204-sbqmrsyngt

  • MD5

    c312d603d8c7db98185b108ba0923f93

  • SHA1

    7bf08dbba011210b8e485201e1270b616417e099

  • SHA256

    a58fc2aeeb364767e152a8cb2fdd1772bac3233d5d0969ef4fecf59075b087be

  • SHA512

    3ec1ddce9fcf11fa3dbfea1a28f4acb786092ac0423a896e203d3382c1b11a3d32674a6c092bb2fe390fd461d4653ab31fe3e5586577bd0d57e9eb7c4dcba1f1

  • SSDEEP

    49152:OGVukBNCBCCCCCCCzCCCCvvvwvvvvvdvCAkBNCBCCCCCCCzCCCCvvvwvvvvvdvCK:OG9vvwvvvvvdvCpvvwvvvvvdvCK

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks