General
Target: cb1909decae91221030eea3453d66a50_JaffaCakes118
Size: 42KB
Sample: 241206-fbxpvs1kdz
MD5: cb1909decae91221030eea3453d66a50
SHA1: 99d7133dfe299994ac9d1a718706b63228d00afc
SHA256: 7985cd8bd011ec614e1c8830557a6787b17bde184eafc0153f99b9836c6cd079
SHA512: ec28ccafae4b0aec51d2a0ef93f75242f355adf321ebe5710738fc5a01765cbcaa473ecca72f0b9cb7ab67b1fc747956d3011551e7f50102683f8f0663a4468b
SSDEEP: 768:kyiUOm7d6CfXlNlhExmJDolbsFHY4hZR7B3BKhTssd:cnm7EgOmJD1dhzKhTssd
Static task: static1
Behavioral task: behavioral1
Sample: cb1909decae91221030eea3453d66a50_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Targets
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Xtremerat family
Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)