General

  • Target

    cb1909decae91221030eea3453d66a50_JaffaCakes118

  • Size

    42KB

  • Sample

    241206-fbxpvs1kdz

  • MD5

    cb1909decae91221030eea3453d66a50

  • SHA1

    99d7133dfe299994ac9d1a718706b63228d00afc

  • SHA256

    7985cd8bd011ec614e1c8830557a6787b17bde184eafc0153f99b9836c6cd079

  • SHA512

    ec28ccafae4b0aec51d2a0ef93f75242f355adf321ebe5710738fc5a01765cbcaa473ecca72f0b9cb7ab67b1fc747956d3011551e7f50102683f8f0663a4468b

  • SSDEEP

    768:kyiUOm7d6CfXlNlhExmJDolbsFHY4hZR7B3BKhTssd:cnm7EgOmJD1dhzKhTssd

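The report lists four digests for the sample. The following Python is an added example, not part of the sandbox report, that recomputes those digests for a file on disk, compares each one by name against the values above, and additionally walks the PE section table to apply the same "UPX packed file" heuristic the report's signature section uses (stock UPX names its sections UPX0/UPX1). The PE bytes used for the stand-alone run are constructed in `build_fake_pe`; the real sample is not included and the reported hashes will only match the real file.

```python
"""Added example (not the report's own tooling): recompute the report's hashes
for a file and check its section names for stock UPX packing.
The PE blobs built by build_fake_pe() are constructed stand-ins."""
import hashlib
import struct

# Digests copied from the report's General section.
REPORTED = {
    "md5": "cb1909decae91221030eea3453d66a50",
    "sha1": "99d7133dfe299994ac9d1a718706b63228d00afc",
    "sha256": "7985cd8bd011ec614e1c8830557a6787b17bde184eafc0153f99b9836c6cd079",
    "sha512": "ec28ccafae4b0aec51d2a0ef93f75242f355adf321ebe5710738fc5a01765cbc"
              "aa473ecca72f0b9cb7ab67b1fc747956d3011551e7f50102683f8f0663a4468b",
}


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists (lowercase hex)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def verify_against_report(data: bytes, reported: dict = REPORTED) -> dict:
    """Return {algorithm: matched?} so a single mismatch is visible by name."""
    actual = file_hashes(data)
    return {name: actual[name] == reported[name].lower() for name in reported}


def pe_section_names(data: bytes) -> list:
    """Minimal PE section-table walk with no third-party dependency.
    Returns [] when the buffer is not a PE image this parser understands."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                              # 40-byte section headers
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Section-name heuristic behind the report's 'UPX packed file' signature:
    stock UPX emits UPX0 and UPX1 (UPX2 is optional). Renamed sections evade it."""
    return {"UPX0", "UPX1"} <= set(pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed stand-in: a PE header skeleton with the given section names
    and no code or optional header (enough for the section walk above)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, 3 zeroed dwords, SizeOfOptionalHeader=0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("hash match:", verify_against_report(blob))
    print("sections:", pe_section_names(blob), "UPX-packed:", is_upx_packed(blob))
```

Run it as `python verify_sample.py <file>` on a file you believe is this sample; every entry in the hash dictionary should read True. A False on exactly one algorithm means a transcription error in the report or your notes rather than a different file, since the four digests are computed over the same bytes.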
Malware Config

Targets

    • Target

      cb1909decae91221030eea3453d66a50_JaffaCakes118


    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key under Active Setup on the local machine (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID}, with the command in the StubPath value); Windows runs the StubPath command once for each user at their next logon, so the malware is launched again without touching the more commonly inspected Run keys.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext (rewriting another thread's context is the last step of process hollowing / RunPE-style injection, so the in-memory payload may run under a different process name than the dropped file)

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. Static hashes and strings of the packed file therefore say little about the payload; unpack (or dump from memory) before comparing against other XtremeRAT samples.

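The two persistence signatures above (Active Setup StubPath and a Run key) are the artefacts a responder would sweep other hosts for. The following Python is an added example, not tooling from the report or from the sandbox, that enumerates both locations with the standard `winreg` module when run on Windows and, on any platform, classifies a list of autostart entries. The classification rule (flag commands launched from user-writable trees, and Active Setup stubs that point outside Windows or Program Files) is a triage heuristic of my own, not something the report states about this sample; the `SAMPLE_ENTRIES` list is constructed and uses placeholder GUIDs and file names.

```python
"""Added example (not the report's own tooling): enumerate Run / RunOnce and
Active Setup autostarts and flag ones launching from user-writable paths.
Heuristics are assumptions for triage; SAMPLE_ENTRIES is constructed data."""
import re
import sys

RUN_KEYS = [(h, r"Software\Microsoft\Windows\CurrentVersion\%s" % v)
            for h in ("HKCU", "HKLM") for v in ("Run", "RunOnce")]
ACTIVE_SETUP_KEYS = [
    ("HKLM", r"Software\Microsoft\Active Setup\Installed Components"),
    ("HKLM", r"Software\Wow6432Node\Microsoft\Active Setup\Installed Components"),
]
# Assumption: autostarts launched from these trees deserve a look; installers
# of legitimate software mostly live under Windows or Program Files.
SUSPICIOUS_DIRS = re.compile(
    r"(\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\"
    r"|%(APPDATA|LOCALAPPDATA|TEMP|TMP|USERPROFILE)%)", re.IGNORECASE)
WINDOWS_OR_PF = re.compile(r"^[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\", re.IGNORECASE)

SAMPLE_ENTRIES = [  # constructed, illustrative only
    {"source": "Run", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "OneDrive", "value": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'},
    {"source": "Run", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "Updater", "value": r"C:\Users\victim\AppData\Roaming\Updater\Updater.exe"},
    {"source": "ActiveSetup", "key": r"HKLM\Software\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}",
     "name": "StubPath", "value": r"C:\Windows\System32\unregmp2.exe /ShowWMP"},
    {"source": "ActiveSetup", "key": r"HKLM\Software\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000002}",
     "name": "StubPath", "value": r"C:\ProgramData\Updater.exe restart"},
]


def command_path(cmd: str) -> str:
    """Extract the executable path from a Run value or StubPath command,
    handling quoted paths and trailing arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(exe|dll|scr|cmd|bat|vbs|js))(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def classify(entry: dict) -> list:
    """Return the reasons an entry is worth inspecting; empty list means none."""
    reasons = []
    path = command_path(entry["value"])
    if SUSPICIOUS_DIRS.search(path):
        reasons.append("launches from a user-writable location")
    # Bare names (regsvr32.exe ...) resolve from System32, so only absolute paths are judged.
    if entry["source"] == "ActiveSetup" and re.match(r"^[A-Za-z]:\\", path) and not WINDOWS_OR_PF.match(path):
        reasons.append("Active Setup StubPath outside Windows/Program Files")
    return reasons


def triage(entries) -> list:
    """Entries with at least one reason, in enumeration order."""
    hits = []
    for e in entries:
        reasons = classify(e)
        if reasons:
            hits.append({"key": e["key"], "name": e["name"],
                         "path": command_path(e["value"]), "reasons": reasons})
    return hits


def collect_windows_entries() -> list:
    """Live collection, Windows only: same entry shape as SAMPLE_ENTRIES."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    found = []
    for hive, key in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], key) as k:
                i = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(k, i)
                    except OSError:
                        break
                    i += 1
                    found.append({"source": "Run", "key": hive + "\\" + key, "name": name, "value": str(value)})
        except OSError:
            continue
    for hive, key in ACTIVE_SETUP_KEYS:
        try:
            with winreg.OpenKey(hives[hive], key) as k:
                i = 0
                while True:
                    try:
                        sub = winreg.EnumKey(k, i)
                    except OSError:
                        break
                    i += 1
                    try:
                        with winreg.OpenKey(k, sub) as s:
                            stub, _ = winreg.QueryValueEx(s, "StubPath")
                    except OSError:
                        continue   # component without a StubPath: nothing runs
                    found.append({"source": "ActiveSetup", "key": hive + "\\" + key + "\\" + sub,
                                  "name": "StubPath", "value": str(stub)})
        except OSError:
            continue
    return found


if __name__ == "__main__":
    entries = collect_windows_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    for hit in triage(entries):
        print(hit["key"], hit["name"], hit["path"], "->", "; ".join(hit["reasons"]))
```

Because the report does not name the dropped path or the Run value name for this sample, the script reports anything launching from AppData, Temp, ProgramData or an environment-variable path rather than matching a fixed string; confirm a hit by hashing the referenced file against the report's digests. Active Setup entries are checked under both the native and Wow6432Node views, since a 32-bit Delphi binary on 64-bit Windows writes to the latter.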
MITRE ATT&CK Enterprise v15

Tasks