General
-
Target
cfe093395215bab9491fa7e8b74485f4_JaffaCakes118
-
Size
142KB
-
Sample
241207-a746xssqel
-
MD5
cfe093395215bab9491fa7e8b74485f4
-
SHA1
b1f3305d94f0b486503ff97645808369442a3bf4
-
SHA256
9c8e9d37fe4ec0f5a6595cf88bd97d78a0b8b96693342c355868859156e06107
-
SHA512
6bda66ff11ae4e49de36ddd397011ab3737055026f263726ae0f270e8ab209727d05acad67a7c9504a2cd804fb7382466dbc0f1d5e52d9074958cbafa5d8f4f5
-
SSDEEP
3072:fPaZ0JKSs3hPSMNpwzyfzg2W1Rc8waKK5:ndsXKyM2k+8TN
Static task
static1
Behavioral task
behavioral1
Sample
cfe093395215bab9491fa7e8b74485f4_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
cfe093395215bab9491fa7e8b74485f4_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xtremerat
vvnv12.no-ip.biz
Targets
-
-
Target
cfe093395215bab9491fa7e8b74485f4_JaffaCakes118
-
Size
142KB
-
MD5
cfe093395215bab9491fa7e8b74485f4
-
SHA1
b1f3305d94f0b486503ff97645808369442a3bf4
-
SHA256
9c8e9d37fe4ec0f5a6595cf88bd97d78a0b8b96693342c355868859156e06107
-
SHA512
6bda66ff11ae4e49de36ddd397011ab3737055026f263726ae0f270e8ab209727d05acad67a7c9504a2cd804fb7382466dbc0f1d5e52d9074958cbafa5d8f4f5
-
SSDEEP
3072:fPaZ0JKSs3hPSMNpwzyfzg2W1Rc8waKK5:ndsXKyM2k+8TN
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1