General
Target: dfed61261bd1ea9fe9e18a39e558f556_JaffaCakes118
Size: 54KB
Sample: 241211-fceknsxkhy
MD5: dfed61261bd1ea9fe9e18a39e558f556
SHA1: f58968cdc882c4d68e4963bd000b0559d31b5782
SHA256: 93de40e35d13e353b61b3b8c6a2f2201d5cb2e150816f3e271334d1761883bf2
SHA512: f4b21fb33c5a1fb9ec6544076329eb410c94a7561e6cdcd8484f49f09e191f3d991a42f5352c0a2d2f3bbc83b38c21847a463cfba1e93e8c2d3643ff119f83d0
SSDEEP: 1536:7IsFw9veVy8Zwbzc/W3kOT2iXDOTCOT4:7tFw9WVnkzEwKiX6j
Behavioral task: behavioral1
Sample: dfed61261bd1ea9fe9e18a39e558f556_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Xtremerat family
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)