General
-
Target
c312d603d8c7db98185b108ba0923f93_JaffaCakes118
-
Size
1.5MB
-
Sample
241204-sbqmrsyngt
-
MD5
c312d603d8c7db98185b108ba0923f93
-
SHA1
7bf08dbba011210b8e485201e1270b616417e099
-
SHA256
a58fc2aeeb364767e152a8cb2fdd1772bac3233d5d0969ef4fecf59075b087be
-
SHA512
3ec1ddce9fcf11fa3dbfea1a28f4acb786092ac0423a896e203d3382c1b11a3d32674a6c092bb2fe390fd461d4653ab31fe3e5586577bd0d57e9eb7c4dcba1f1
-
SSDEEP
49152:OGVukBNCBCCCCCCCzCCCCvvvwvvvvvdvCAkBNCBCCCCCCCzCCCCvvvwvvvvvdvCK:OG9vvwvvvvvdvCpvvwvvvvvdvCK
Static task
static1
Behavioral task
behavioral1
Sample
c312d603d8c7db98185b108ba0923f93_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c312d603d8c7db98185b108ba0923f93_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
c312d603d8c7db98185b108ba0923f93_JaffaCakes118
-
Size
1.5MB
-
MD5
c312d603d8c7db98185b108ba0923f93
-
SHA1
7bf08dbba011210b8e485201e1270b616417e099
-
SHA256
a58fc2aeeb364767e152a8cb2fdd1772bac3233d5d0969ef4fecf59075b087be
-
SHA512
3ec1ddce9fcf11fa3dbfea1a28f4acb786092ac0423a896e203d3382c1b11a3d32674a6c092bb2fe390fd461d4653ab31fe3e5586577bd0d57e9eb7c4dcba1f1
-
SSDEEP
49152:OGVukBNCBCCCCCCCzCCCCvvvwvvvvvdvCAkBNCBCCCCCCCzCCCCvvvwvvvvvdvCK:OG9vvwvvvvvdvCpvvwvvvvvdvCK
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1