General

  • Target

    cbf328774aa72ac196267e069e4fea4d_JaffaCakes118

  • Size

    268KB

  • Sample

    241206-j53dzsxrfs

  • MD5

    cbf328774aa72ac196267e069e4fea4d

  • SHA1

    60daf10b4b95523d3e244874ad43051e94558b53

  • SHA256

    babe46aab4b0f26671819e3bee3a77d7041286369fa977ad19ed89e4147bec1e

  • SHA512

    11117db718226215f3afa6b47693175eb0e17aa2ef6dc572097e2458e4a2e097e2745aa261cede815300d065fbcd12a08a6556ca82017684ab8b691a1e1b0371

  • SSDEEP

    1536:xnpUVLADIlxhyiXSyqzQOKDKtWnyMQrD91pFhuEGK:xpUV4IlrXSyrOkfna1pSEG

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks