General
-
Target
db5aef4f5492fbe3b91ee8378990fda8_JaffaCakes118
-
Size
61KB
-
Sample
241209-y2yzqazlcs
-
MD5
db5aef4f5492fbe3b91ee8378990fda8
-
SHA1
4f8cfbc766546c901db03e5caf6f8ee68eac80f2
-
SHA256
c78f808fa6c3a643232b4d3c5f88e2b396e1ffca54d42ddd2771fe70a222fa3f
-
SHA512
80b07f0a6a4a7e66a6fd7151e05fa68b0b7860a486735820d233a7505f0bc341cf0fd84a047fe7bccdb831b931cf70cbd6a7b1e5d9b5645494c6dd0f69287f12
-
SSDEEP
1536:pT8qDqQ8K9MKhuiUMKgP2koJxg8tl5NXx:tqMyKQLLg8/V
Behavioral task
behavioral1
Sample
db5aef4f5492fbe3b91ee8378990fda8_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
db5aef4f5492fbe3b91ee8378990fda8_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xtremerat
amhi.no-ip.info
Targets
-
-
Target
db5aef4f5492fbe3b91ee8378990fda8_JaffaCakes118
-
Size
61KB
-
MD5
db5aef4f5492fbe3b91ee8378990fda8
-
SHA1
4f8cfbc766546c901db03e5caf6f8ee68eac80f2
-
SHA256
c78f808fa6c3a643232b4d3c5f88e2b396e1ffca54d42ddd2771fe70a222fa3f
-
SHA512
80b07f0a6a4a7e66a6fd7151e05fa68b0b7860a486735820d233a7505f0bc341cf0fd84a047fe7bccdb831b931cf70cbd6a7b1e5d9b5645494c6dd0f69287f12
-
SSDEEP
1536:pT8qDqQ8K9MKhuiUMKgP2koJxg8tl5NXx:tqMyKQLLg8/V
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1