General
- Target: cbf328774aa72ac196267e069e4fea4d_JaffaCakes118
- Size: 268KB
- Sample: 241206-j53dzsxrfs
- MD5: cbf328774aa72ac196267e069e4fea4d
- SHA1: 60daf10b4b95523d3e244874ad43051e94558b53
- SHA256: babe46aab4b0f26671819e3bee3a77d7041286369fa977ad19ed89e4147bec1e
- SHA512: 11117db718226215f3afa6b47693175eb0e17aa2ef6dc572097e2458e4a2e097e2745aa261cede815300d065fbcd12a08a6556ca82017684ab8b691a1e1b0371
- SSDEEP: 1536:xnpUVLADIlxhyiXSyqzQOKDKtWnyMQrD91pFhuEGK:xpUV4IlrXSyrOkfna1pSEG
Static task: static1
Behavioral task: behavioral1
- Sample: cbf328774aa72ac196267e069e4fea4d_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: cbf328774aa72ac196267e069e4fea4d_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: cbf328774aa72ac196267e069e4fea4d_JaffaCakes118
Score: 10/10
Signatures
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Xtremerat family
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)