General

  • Target: dfed61261bd1ea9fe9e18a39e558f556_JaffaCakes118

  • Size: 54KB

  • Sample: 241211-fceknsxkhy

  • MD5: dfed61261bd1ea9fe9e18a39e558f556

  • SHA1: f58968cdc882c4d68e4963bd000b0559d31b5782

  • SHA256: 93de40e35d13e353b61b3b8c6a2f2201d5cb2e150816f3e271334d1761883bf2

  • SHA512: f4b21fb33c5a1fb9ec6544076329eb410c94a7561e6cdcd8484f49f09e191f3d991a42f5352c0a2d2f3bbc83b38c21847a463cfba1e93e8c2d3643ff119f83d0

  • SSDEEP: 1536:7IsFw9veVy8Zwbzc/W3kOT2iXDOTCOT4:7tFw9WVnkzEwKiX6j

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of UPX.

MITRE ATT&CK Enterprise v15

Tasks