General
Target: dd5e6030d58c06eefa009462eca2dd79_JaffaCakes118
Size: 39KB
Sample: 241210-gx614a1kgm
MD5: dd5e6030d58c06eefa009462eca2dd79
SHA1: 4a2b284b304ee39256f3650836118554ea2b8579
SHA256: 56ada6719c45c3ef447a57c7b63c52892f2db11713a09d43434a15c16f95d66f
SHA512: 49392830866f02dad7c8b97df410baeb611e7b509aba8d1598518621387b56b2866e46e646e3b76486c10d751a5208287de316a9e0e9fffc700deac317475d59
SSDEEP: 768:uMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66l0FIB4XIcbVhb2g8h2x:LNW71rcYDAWeotvXl044XIcHb2g8h
Behavioral task: behavioral1
Sample: dd5e6030d58c06eefa009462eca2dd79_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config (extracted from the sample)
Family: xtremerat
C2 hostname: king312.no-ip.org
Targets
Target: dd5e6030d58c06eefa009462eca2dd79_JaffaCakes118
Size: 39KB
MD5: dd5e6030d58c06eefa009462eca2dd79
SHA1: 4a2b284b304ee39256f3650836118554ea2b8579
SHA256: 56ada6719c45c3ef447a57c7b63c52892f2db11713a09d43434a15c16f95d66f
SHA512: 49392830866f02dad7c8b97df410baeb611e7b509aba8d1598518621387b56b2866e46e646e3b76486c10d751a5208287de316a9e0e9fffc700deac317475d59
SSDEEP: 768:uMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66l0FIB4XIcbVhb2g8h2x:LNW71rcYDAWeotvXl044XIcHb2g8h
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Xtremerat family
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components on the local machine. The StubPath command of a component is executed once for each user at their next logon (when the per-user copy of the component is missing or has a lower version), so a single HKLM entry gives the payload a foothold in every user profile and survives reboot.
- Adds Run key to start application
- Drops file in System32 directory
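The three behavioural signatures above (Active Setup StubPath, Run key, file drop into System32) and the extracted C2 hostname map directly onto host telemetry. The following is an added example, not part of the sandbox report: a small triage script that runs those rules over Sysmon-style registry, file-create and DNS events. The event records are constructed here for illustration in a flat key=value|key=value form (not Sysmon's real XML), and the dropped file name and Active Setup component ID in them are placeholders, not values from this report.

```python
import re

# Indicator taken from the report's extracted XtremeRAT config.
C2_HOSTS = {"king312.no-ip.org"}

# Registry locations behind the two persistence signatures in the report.
ACTIVE_SETUP_STUBPATH = re.compile(
    r"^HKLM\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Active Setup\\Installed Components\\[^\\]+\\StubPath$",
    re.IGNORECASE,
)
# Sysmon logs HKCU as HKU\<SID>, so accept both spellings.
RUN_KEY_VALUE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)
SYSTEM32_DIR = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)
WINDOWS_DIR = re.compile(r"^C:\\Windows\\", re.IGNORECASE)


def parse_event(line):
    """Parse one 'key=value|key=value' record (constructed format for this example)."""
    fields = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def classify(event):
    """Return the report signature an event triggers, or None."""
    eid = event.get("EventID")
    image = event.get("Image", "")
    if eid == "13":  # Sysmon RegistryEvent: value set
        target = event.get("TargetObject", "")
        if ACTIVE_SETUP_STUBPATH.match(target):
            return "Boot or Logon Autostart Execution: Active Setup (T1547.014)"
        if RUN_KEY_VALUE.match(target):
            return "Adds Run key to start application (T1547.001)"
    elif eid == "11":  # Sysmon FileCreate
        path = event.get("TargetFilename", "")
        # Servicing binaries legitimately write under System32; only flag writers
        # running from outside C:\Windows (the sample runs from a user profile).
        if SYSTEM32_DIR.match(path) and not WINDOWS_DIR.match(image):
            return "Drops file in System32 directory"
    elif eid == "22":  # Sysmon DnsQuery
        if event.get("QueryName", "").lower() in C2_HOSTS:
            return "XtremeRAT C2 lookup (extracted config)"
    return None


def triage(lines):
    """Run every record through the rules; return (signature, image) hits in order."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        sig = classify(event)
        if sig:
            hits.append((sig, event.get("Image", "")))
    return hits


# Constructed records modelled on the behaviours in this report; {EXAMPLE-ID} and
# dropped_example.exe are placeholders, not artefacts observed in the sandbox.
SAMPLE_LOG = r"""
EventID=13|Image=C:\Users\user\Desktop\dd5e6030d58c06eefa009462eca2dd79_JaffaCakes118.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{EXAMPLE-ID}\StubPath|Details=C:\Windows\System32\dropped_example.exe
EventID=13|Image=C:\Users\user\Desktop\dd5e6030d58c06eefa009462eca2dd79_JaffaCakes118.exe|TargetObject=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example_value|Details=C:\Windows\System32\dropped_example.exe
EventID=11|Image=C:\Users\user\Desktop\dd5e6030d58c06eefa009462eca2dd79_JaffaCakes118.exe|TargetFilename=C:\Windows\System32\dropped_example.exe
EventID=11|Image=C:\Windows\servicing\TrustedInstaller.exe|TargetFilename=C:\Windows\System32\drivers\example.sys
EventID=22|Image=C:\Windows\System32\dropped_example.exe|QueryName=king312.no-ip.org
EventID=22|Image=C:\Windows\explorer.exe|QueryName=www.microsoft.com
""".strip().splitlines()

if __name__ == "__main__":
    for sig, image in triage(SAMPLE_LOG):
        print(f"{sig}  <-  {image}")
```

The System32 rule deliberately excludes writers that live under C:\Windows, otherwise Windows servicing would trip it on every update; tune that exclusion to your environment, and remember the dynamic-DNS C2 name can resolve to a different address each time, so alert on the lookup rather than on an IP.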
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)